llys_istartsurf.exe

4961_tugss_istartsurf

Giner Tech Inc

The application llys_istartsurf.exe by Giner Tech Inc has been detected as adware by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Giner Tech Inc  (signed and verified)

Product:
4961_tugss_istartsurf

Description:
Installer Module

Version:
1.0.0.2

MD5:
f43b24f45f5a13675b0b841e118ce802

SHA-1:
9773c7e4ff3bcd0bf2a1118b8d7bfafea268df17

SHA-256:
7c7668ce135382d5f61c22aa488d253d9fff3bf5a0af68409360a07836ce494c

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
6/3/2024 9:08:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Mutabaha.802 | 9.0.1.0297 |
| ESET NOD32 | Win32/ELEX.FK potentially unwanted (variant) | 9.12442 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-24-10_7 |
| Malwarebytes | PUP.Optional.IStartSurf.ShrtCln | v2015.10.24.04 |
| Reason Heuristics | PUP.Thinknice.GinerTech.Installer (M) | 15.10.22.8 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44710 |

File size:
538.6 KB (551,560 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States of America)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\llys_istartsurf.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/19/2015 5:31:10 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112106B3EDF5DE21FE5DD0E0F44EB00F51DB

File PE Metadata
Compilation timestamp:
10/15/2015 7:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:4OadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrraR:GEwgWCOEuvFM4+saDvXN9iAR

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 

Code size:
346.5 KB (354,816 bytes)

The file llys_istartsurf.exe has been seen being distributed by the following URL.
