sfpsnew4_v9.exe

2522_sfpsnew4_v9

Li Mo

The application sfpsnew4_v9.exe by Li Mo has been detected as adware by 10 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
TabMain (signed by Li Mo)

Product:
2522_sfpsnew4_v9

Description:
TabMain

Version:
6.3.76.1518

MD5:
b7f95c601e0ceb6799b968121ee0e5b5

SHA-1:
d2750a892cdb4d0f367e172bce0705b4ff4f7834

SHA-256:
18c46484e5f68a3dc03a432c507d4d13c7a9817bdc6c4583de3a677f5e49b581

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
5/11/2024 11:31:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | Downloader | 2016.0.3092 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15531 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Mutabaha.122 | 9.0.1.0151 |
| ESET NOD32 | Win32/ELEX.CF potentially unwanted (variant) | 9.11563 |
| Fortinet FortiGate | Riskware/LiMo | 5/31/2015 |
| K7 AntiVirus | Trojan | 13.203.15778 |
| Reason Heuristics | PUP.Liyan Liu.LiMo | 15.5.31.15 |
| Trend Micro House Call | Suspicious_GEN.F47V0216 | 7.2.151 |

File size:
313.4 KB (320,888 bytes)

Product version:
6.3.76.1518

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sfpsnew4_v9.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/3/2014 7:00:00 PM

Valid to:
8/12/2015 7:00:00 AM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0226284B6EE43FB2E43A2888B7D5BA02

File PE Metadata
Compilation timestamp:
1/13/2015 12:10:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:i7Bnvx3mTCG0EnQY7Td8b5rWFX+HDBUeZjpi6h:i79xMCfEQ6dw5re+HDGeOK

Entry address:
0x1A58B

Entry point:
E8, 62, C2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 

Entropy:
6.2820

Code size:
195 KB (199,680 bytes)
