qq8.2@81_428274.exe

downloader of lewell

Hefei Lewei Information Technology Co.,Ltd.

The application qq8.2@81_428274.exe by Hefei Lewei Information Technology Co.,Ltd. has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a bundler: it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from url.goosai.com and multiple other hosts.
Publisher:
Hefei Lewei Information Technology Co.,Ltd.
Product:
downloader of lewell

Version:
1.0.2.1

MD5:
5db5eed1d3dab624ba936c6ec524fcec

SHA-1:
ee57af3daf3bc3131b4f1713976321f5eb93f9bc

SHA-256:
61833b3ff749d8582a6b23c7b40cc7129d1fd934223527a0dd29ff2964b796d3

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:06:06 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.84 | 289
Arcabit | Trojan.Application.Bundler.84 | 1.0.0.672
avast! | Win32:Adware-gen [Adw] | 2014.9-160421
Baidu Antivirus | Win32.Adware.Qjwmonkey | 4.0.3.16421
Bitdefender | Gen:Variant.Application.Bundler.84 | 1.0.20.560
Bkav FE | W32.HfsAdware | 1.3.0.7744
Dr.Web | Adware.Qjwmonkey.73 | 9.0.1.0112
ESET NOD32 | Win32/Adware.Qjwmonkey (variant) | 10.13367
F-Secure | Gen:Variant.Application.Bundler | 11.2016-21-04_5
G Data | Gen:Variant.Application.Bundler.84 | 16.4.25
IKARUS anti.virus | PUA.Qjwmonkey | t3scan.2.0.9.0
K7 AntiVirus | Adware | 13.222.19369
Malwarebytes | Adware.Qjwmonkey | v2016.04.21.07
MicroWorld eScan | Gen:Variant.Application.Bundler.84 | 17.0.0.336
Panda Antivirus | Trj/Genetic.gen | 16.04.21.07
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16419
Sophos | QjMonkey (PUA) | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 48782
Zillya! Antivirus | Adware.Qjwmonkey.Win32.132 | 2.0.0.2800

File size:
805.6 KB (824,920 bytes)

Product version:
1.0.2.1

Original file name:
downloader of lewell

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\qq8.2@81_428274.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
4/15/2016 2:24:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:c21Tg5S5W7jhUckHCYNUnR91BRBq8BZhrnkNUNTTdiq2:RTgsaCcDR91BRBLtrnkNUpTdiq2

Entry address:
0x2A2BB

Entry point:
E8, A9, B4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, E5, B5, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...

Entropy:
6.3526

Code size:
268.5 KB (274,944 bytes)

The file qq8.2@81_428274.exe has been seen being distributed by the following 12 URLs.

http://url.goosai.com/.../???????2015?????@68_56044.exe

http://count.ddooo.com/redirect.asp?sid=59502&rm=2&downurl=http://.../js0group_59502.rar

http://url.goosai.com/.../?????????PPT@164_2108.exe

http://xiazai.zol.com.cn/down.php?softid=26465&subcateid=325&site=10&checkStr=16410870a7e32f26c&pos=dxgs1&rand=43acb8

Remove qq8.2@81_428274.exe - Powered by Reason Core Security