» smt_oursurfing.exe
Overview
Analysis
File Details

smt_oursurfing.exe

4964_smt_oursurfing

CHAODONG XIAO

The application smt_oursurfing.exe by CHAODONG XIAO has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

smt_oursurfing.exe

Publisher:

CHAODONG XIAO (signed and verified)

Product:

4964_smt_oursurfing

Description:

Installer Module

Version:

1.0.0.2

MD5:

6b5c1e554c1d7434263b7a99ee2e16b6

SHA-1:

c0b99439427588c4f30cde986cadf07ad7326a7a

SHA-256:

375d820c83263539c26847855a464c3e32f5072e83cfa8bfd3d79ccaa06956f2

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

5/18/2024 6:44:38 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.ELEX

4.0.3.151027

Dr.Web

Adware.Mutabaha.812

9.0.1.0300

ESET NOD32

Win32/ELEX.FK potentially unwanted (variant)

9.12472

K7 AntiVirus

Adware

13.212.17663

Malwarebytes

PUP.Optional.OurSeaching

v2015.10.27.06

Panda Antivirus

Trj/Genetic.gen

15.10.27.06

Reason Heuristics

Threat.Win.Reputation.IMP

15.10.27.18

Zillya! Antivirus

Adware.BrowseFox.Win32.122766

2.0.0.2477

File size:

538.8 KB (551,680 bytes)

Product version:

1.0.0.2

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\smt_oursurfing.exe

Digital Signature

Signed by:

CHAODONG XIAO

Authority:

thawte, Inc.

Valid from:

10/27/2015 1:00:00 AM

Valid to:

10/21/2016 1:59:59 AM

Subject:

CN=CHAODONG XIAO, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

49899B24CF4F92E88D8A95807ECC70B7

File PE Metadata

Compilation timestamp:

10/15/2015 7:39:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:LOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrC3:LEwgWCOEuvFM4+saDvXN9is

Entry address:

0x2EF57

Entry point:

E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74... 
[+]

Code size:

346.5 KB (354,816 bytes)

Remove smt_oursurfing.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.