md5_46_1.exe

Beijing Ruidongtiandi Info.Tech.Co.,Ltd.

The application md5_46_1.exe by Beijing Ruidongtiandi Info.Tech.Co.,Ltd has been detected as a potentially unwanted program by 24 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:

MD5:
2cf869d9f0a6147da2b0c953984b2352

SHA-1:
6f997ed83609005cab618494d58a9265af515397

SHA-256:
dd9b787f7dacbb50867af03a3ee1127cbc9c2ae4d227c7d50615c782e6b5b7ea

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 3:56:47 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.DL.Lidared | 7.1.1
Avira AntiVirus | TR/Taranis.390 | 8.3.2.4
Baidu Antivirus | Trojan.Win32.Lidared | 4.0.3.1665
Bitdefender | Gen:Variant.Midie.3527 | 1.0.20.785
Comodo Security | TrojWare.Win32.TrojanDownloader.Lidared.D | 23890
Dr.Web | Trojan.OutBrowse.1850 | 9.0.1.0157
Emsisoft Anti-Malware | Gen:Variant.Midie.3527 | 8.16.06.05.06
ESET NOD32 | Win32/TrojanDownloader.Lidared (variant) | 10.12804
Fortinet FortiGate | W32/Lidared.A!tr.dldr | 6/5/2016
G Data | Gen:Variant.Midie.3527 | 16.6.25
IKARUS anti.virus | Trojan-Downloader.Win32.Lidared | t3scan.1.9.5.0
K7 AntiVirus | Trojan-Downloader | 13.212.18285
Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.101
McAfee | Artemis!2CF869D9F0A6 | 5600.6377
Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12400.0
NANO AntiVirus | Trojan.Win32.OutBrowse.dyzupo | 1.0.14.5380
Qihoo 360 Security | Win32/Trojan.ae5 | 1.0.0.1077
Reason Heuristics | PUP.OutBrowse (M) | 16.6.5.18
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16603
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R0EBC0DL715 | 10.465.05
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 46198
Zillya! Antivirus | Adware.Eorezo.Win32.22017 | 2.0.0.2591

File size:
4 MB (4,151,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\tfeimlpe\md5_46_1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/11/2010 8:00:00 AM

Valid to:
11/11/2012 7:59:59 AM

Subject:
CN="Beijing Ruidongtiandi Info.Tech.Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Ruidongtiandi Info.Tech.Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05D98A22E3A0FB56DAA205538300381F

File PE Metadata
Compilation timestamp:
12/1/2015 9:08:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:DKTMQxddsQLLJ7y/byzuSPiiT+FjTScjqv/jZRXLRH7TVY545oNFziN5Eg9uUInO:D4+GLc/QijTSigXXLp+9FONegIUInO

Entry address:
0xA1CE

Entry point:
E8, A5, 47, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, 57, E8, 6D, 3D, 00, 00, 8B, F8, 89, 7E, 08, 8B, 57, 6C, 89, 16, 8B, 4F, 68, 89, 4E, 04, 3B, 15, 4C, EC, 42, 00, 74, 11, A1, 10, ED, 42, 00, 85, 47, 70, 75, 07, E8, 58, 4F, 00, 00, 89, 06, 8B, 46, 04, 5F, 3B, 05, EC, E9, 42, 00, 74, 15, 8B, 4E, 08, A1, 10, ED, 42, 00, 85, 41, 70, 75, 08, E8, BA, 52, 00, 00, 89, 46, 04, 8B, 4E, 08, 8B, 41, 70, A8, 02, 75, 16, 83, C8, 02, 89, 41, 70, C6, 46, 0C, 01, EB...

Entropy:
7.7379

Packer / compiler:
PEQuake V0.06

Code size:
131 KB (134,144 bytes)
