» oursurfing.exe
Overview
Analysis
File Details

oursurfing.exe

4319_2sq3_oursurfing

Shulan Hou

The application oursurfing.exe by Shulan Hou has been detected as adware by 9 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

oursurfing.exe

Publisher:

Welnk.com (signed by Shulan Hou)

Product:

4319_2sq3_oursurfing

Description:

Welnk

Version:

6.6.86.1648

MD5:

b766255692875647fb61de825091762d

SHA-1:

cfe8666718f21f9b16f4ed434838b98f61a5295c

SHA-256:

ebda85ae015027012761e725b6ce277766ac3b2f4732539a807f2fb802e51f5e

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

5/16/2024 5:10:05 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Mutabaha

7.1.1

Bkav FE

W32.HfsAdware

1.3.0.7062

Dr.Web

Adware.Mutabaha.597

9.0.1.0242

K7 AntiVirus

Riskware

13.2016954

Malwarebytes

PUP.Optional.OurSeaching.A

v2015.08.30.04

McAfee

Artemis!B76625569287

5600.6657

Microsoft Security Essentials

BrowserModifier:Win32/SupTab

1.1.11903.0

NANO AntiVirus

Riskware.Win32.Mutabaha.dvdjlj

0.30.24.3079

Reason Heuristics

PUP.ELEX.ShulanHou (M)

15.8.30.16

File size:

249.6 KB (255,584 bytes)

Product version:

6.6.86.1648

Original file name:

WeLink.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\oursurfing.exe

Digital Signature

Signed by:

Shulan Hou

Authority:

DigiCert Inc

Valid from:

12/24/2014 1:00:00 AM

Valid to:

1/6/2016 1:00:00 PM

Subject:

CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F53BEA8A702FF6F4D98547A190C3464

File PE Metadata

Compilation timestamp:

8/12/2015 10:57:43 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:DxeuaxeqSAnNhyI3D2bxAcXwrkvZZt1cEy6wNBi5VEyxJRZpf2VKsd1:DxL7BAnNDCbLXwrkBKEy6wvK7ZpcKS1

Entry address:

0xF03B

Entry point:

E8, 0F, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 50, 44, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 48, 41, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00... 
[+]

Code size:

138 KB (141,312 bytes)

Remove oursurfing.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.