tugs_ar_qone8.exe

Banyan Tree Technology Limited

The application tugs_ar_qone8.exe by Banyan Tree Technology Limited has been detected as adware by 8 of 68 anti-malware scanners. It is an adware bundler (also known as ElexNetDownload) that adds unwanted third-party offers to the download and install process. During installation it connects to twonext.com and xingcloud.com to decide which offers to show, based on what is already installed on the machine and where the user is located. It is typically executed from the user's temporary directory (see the common path below). The file carries a valid Banyan Tree Technology Limited code-signing signature; a valid signature only identifies the publisher and says nothing about whether the software is wanted, and every detection below is in the PUP/adware class.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Version:
2.0.2.2627

MD5:
db677ccd20ac1b721a14754ac94e44aa

SHA-1:
1343cdad9444dbb2bc146ac279c2b844aa391090

SHA-256:
f9da53e55119e630e21fffff77814aa75d6fb9048e60966a1df1ab0e90437d4b

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/26/2024 5:01:59 AM UTC

Scan engine              Detection                  Engine version
AVG                      MalSign.Generic            2016.0.3101
ESET NOD32               Win32/ELEX (variant)       9.8973
Malwarebytes             PUP.Optional.Elex          v2015.05.23.10
McAfee                   PUP-FDW!DB677CCD20AC       5600.6757
Panda Antivirus          Trj/Genetic.gen            15.05.23.10
Reason Heuristics        PUP.BanyanTreeTechnology   15.5.23.6
Trend Micro House Call   TROJ_GEN.F47V1012          7.2.143
VIPRE Antivirus          Elex Installer             22794

File size:
444.6 KB (455,248 bytes)

Product version:
2.0.2.2627

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\861f655bacee44cfbd5d6917b591ad48\software\tugs_ar_qone8.exe
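The indicators listed so far (the three hashes, the two offer-server domains and the temp-directory install path) are enough for a host hunt. The following is an added example, not code from this page or from Reason Core Security: it scans process-creation and DNS records for those indicators. The telemetry it runs on is constructed, Sysmon-style sample data (the user name, the `{random}.tmp` folder name and the benign rows are made up), and the record field names are assumptions for the example.

```python
# Added example (not code from the page or from Reason Core Security): hunt a
# host's process-creation and DNS telemetry for the indicators listed on this
# page: the three file hashes, the temp-directory install path and the two
# offer-server domains. The telemetry below is constructed, Sysmon-style sample
# data, not real host logs; the record field names are assumptions.
import re

IOC_HASHES = {
    "md5": "db677ccd20ac1b721a14754ac94e44aa",
    "sha1": "1343cdad9444dbb2bc146ac279c2b844aa391090",
    "sha256": "f9da53e55119e630e21fffff77814aa75d6fb9048e60966a1df1ab0e90437d4b",
}
IOC_DOMAINS = {"twonext.com", "xingcloud.com"}

# C:\users\{user}\appdata\local\temp\{random}.tmp\<32 hex chars>\software\tugs_ar_qone8.exe
COMMON_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\"
    r"[0-9a-f]{32}\\software\\tugs_ar_qone8\.exe$",
    re.IGNORECASE,
)


def parse_hash_field(field: str) -> dict:
    """'SHA1=..,MD5=..,SHA256=..' (the Sysmon 'Hashes' layout) -> {'sha1': '..', ...}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().lower()] = value.strip().lower()
    return out


def classify_process(image: str, hashes_field: str) -> list:
    """Reasons why a process-create record matches this page's indicators."""
    reasons = []
    seen = parse_hash_field(hashes_field)
    for alg, want in IOC_HASHES.items():
        if seen.get(alg) == want:
            reasons.append(f"{alg} matches")
    if COMMON_PATH_RE.match(image):
        reasons.append("image path matches the temp-directory bundler layout")
    elif image.lower().endswith("\\tugs_ar_qone8.exe"):
        reasons.append("file name matches but path differs from the common path")
    return reasons


def is_offer_domain(query_name: str) -> bool:
    """True for the listed domains and any subdomain of them (a weak signal on its own)."""
    q = query_name.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


def hunt(events: list) -> list:
    """Return [(event, reasons)] for every event that matches at least one indicator."""
    flagged = []
    for ev in events:
        if ev["type"] == "process":
            reasons = classify_process(ev["image"], ev["hashes"])
        elif ev["type"] == "dns":
            reasons = ["DNS query to an offer-server domain"] if is_offer_domain(ev["query"]) else []
        else:
            reasons = []
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed sample telemetry; user name, tmp folder name and the benign rows are made up.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Users\alice\AppData\Local\Temp\7f2a.tmp\861f655bacee44cfbd5d6917b591ad48\software\tugs_ar_qone8.exe",
     "hashes": "SHA1=1343CDAD9444DBB2BC146AC279C2B844AA391090,"
               "MD5=DB677CCD20AC1B721A14754AC94E44AA,"
               "SHA256=F9DA53E55119E630E21FFFFF77814AA75D6FB9048E60966A1DF1AB0E90437D4B"},
    {"type": "process",
     "image": r"C:\Windows\System32\notepad.exe",
     "hashes": "SHA256=" + "0" * 64},
    {"type": "dns", "query": "api.xingcloud.com"},
    {"type": "dns", "query": "www.example.org"},
]

if __name__ == "__main__":
    for ev, reasons in hunt(SAMPLE_EVENTS):
        print(ev.get("image") or ev.get("query"), "->", "; ".join(reasons))
```

The hash match only catches this exact build (version 2.0.2.2627); other ElexNetDownload droppers will hash differently, so the path layout and the signer name are the more durable indicators. Treat a DNS hit by itself as weak and correlate it with a process event from the same host and time window: the domains are the offer servers the installer talks to, not the file itself.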

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 6:18:54 AM

Valid to:
1/11/2015 6:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
10/9/2013 1:29:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:dseFJ3XOdIiMg35LKlj6CHrHaBpFn7W/Sg+BFoqjHH6oHI4Ccaqhv4Qqs4y:JsYqL2j6oza7FnUSfFnH74Q9

Entry address:
0x1000

Entry point:
68, 01, 40, 4B, 00, E8, 01, 00, 00, 00, C3, C3, 96, 10, D2, 76, CC, 62, 0D, 78, C1, 8E, 80, 8B, 5E, B4, 29, A2, EC, 86, B5, 81, 96, 74, 66, 80, 93, C1, 84, 5C, A6, CC, D1, 59, FF, E7, 0C, F8, 85, 41, E1, 83, B8, AF, 44, D5, 04, E0, 42, F0, A7, 96, 77, 94, 65, 3B, 4D, 26, DF, D7, BF, 4E, E1, 30, F6, 92, 59, 1A, 7E, 6B, 40, BA, 0A, 03, BA, A5, D6, 27, 5A, 32, 54, 55, E0, ED, EA, A2, 5B, 43, 60, 76, 02, 2A, 8B, D8, 8B, 1F, 31, 30, 59, DB, 0A, C2, BB, 09, 2A, 34, 3F, 60, 5B, 1B, D6, 74, 10, 75, FC, C2, B1, 58...
 
Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
497 KB (508,928 bytes)
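Two of the fields above are worth checking by hand when triaging a file like this: the entry-point bytes begin `68 01 40 4B 00 E8 01 00 00 00 C3 C3` (push an address, call one byte forward over the first ret, then ret into the pushed address), which is the ASProtect 1.2x entry stub the packer field identifies, and the declared code size (508,928 bytes) is larger than the whole file on disk (455,248 bytes), which fits a packer that fills the code section at run time. The following is an added example, not code from this page or from Reason Core Security: a standard-library PE32 header parser that extracts the "File PE Metadata" fields, maps the entry RVA to a file offset and applies those two checks. The PE it tests against is constructed in memory and is not the real tugs_ar_qone8.exe; the compilation timestamp is the page's value read as UTC, which the page does not state.

```python
# Added example (not code from the page or from Reason Core Security): read the
# "File PE Metadata" fields from a Win32 PE header with the standard library
# only, map the entry-point RVA to its file offset, and test the bytes found
# there against the ASProtect 1.2x entry stub that the page's entry-point dump
# begins with (push imm32 / call $+6 / ret / ret). The PE used by the self-test
# is constructed in memory below; it is NOT the real tugs_ar_qone8.exe.
import struct
from datetime import datetime, timezone

# First 12 bytes listed under "Entry point" on this page.
ENTRY_BYTES_FROM_PAGE = bytes.fromhex("6801404B00E801000000C3C3")


def parse_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and PE32 optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):  # only the first 24 bytes of each 40-byte section header are needed
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize), rawptr))
    ep_off = rva_to_offset(sections, entry_rva)
    return {
        "entry_rva": entry_rva,
        "entry_bytes": data[ep_off:ep_off + 12],
        "size_of_code": size_of_code,
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc),
        "linker": f"{maj_link}.{min_link}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "sections": sections,
    }


def rva_to_offset(sections, rva: int) -> int:
    """Translate an RVA to a file offset through the section table."""
    for _name, va, size, rawptr in sections:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def looks_like_asprotect(entry_bytes: bytes) -> bool:
    """68 ?? ?? ?? ?? (push imm32), E8 01 00 00 00 (call over the first C3), C3 C3.
    The second ret pops the pushed address, so execution continues there."""
    return (len(entry_bytes) >= 12 and entry_bytes[0] == 0x68
            and entry_bytes[5:12] == bytes.fromhex("E801000000C3C3"))


def packer_indicators(data: bytes, file_size=None) -> list:
    """Cheap static hints that the file is packed, as seen in this page's metadata."""
    info = parse_pe(data)
    hits = []
    if looks_like_asprotect(info["entry_bytes"]):
        hits.append("entry stub matches the ASProtect 1.2x pattern")
    on_disk = len(data) if file_size is None else file_size
    if info["size_of_code"] > on_disk:
        hits.append(f"SizeOfCode {info['size_of_code']} exceeds the {on_disk}-byte file: code is filled in at run time")
    return hits


def build_sample_pe(entry_bytes: bytes, timestamp: int, linker=(11, 0), size_of_code=508928) -> bytes:
    """Constructed minimal PE32 (one .text section at RVA 0x1000) for offline testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, linker[0], linker[1], size_of_code)
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)             # SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 40, 5, 1)                      # OS version 5.1, as on the page
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                          # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return header + entry_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    # 1381325390 = 2013-10-09 13:29:50 UTC, the page's compilation timestamp read as UTC.
    sample = build_sample_pe(ENTRY_BYTES_FROM_PAGE, 1381325390)
    info = parse_pe(sample)
    print(info["compiled"], "linker", info["linker"], "os", info["os_version"], info["subsystem"])
    for hit in packer_indicators(sample, file_size=455248):    # 455,248 bytes per the page
        print("indicator:", hit)
```

Run `packer_indicators(open(path, "rb").read())` on a real file to get the same two checks; both are heuristics, so treat them as a reason to unpack and look at the real code, not as a verdict. The parser deliberately refuses PE32+ (64-bit) images rather than silently reading the wrong offsets.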

Remove tugs_ar_qone8.exe - Powered by Reason Core Security