wpc_omiga-plus_201311418037.exe

Skytech

Skytouch Technology Co., Limited

The application wpc_omiga-plus_201311418037.exe, “Skytech Downloader” by Skytouch Technology Co., Limited, has been detected as adware by 16 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen downloaded from i1.stylefun.info and multiple other hosts.
Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
Skytech

Description:
Skytech Downloader

Version:
3.0.2.2951

MD5:
578cb204003b7db88e27bf60929aed5d

SHA-1:
ea34127cc7bc1b6edb95f10682c99813d8a71e31

SHA-256:
192374cc5bbcc0542572016327704e8f6fd370166b5dcaf8fb8467a237d4fca1

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/25/2024 7:53:37 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Downloader.SV | 429 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151202 |
| AVG | Skodna.Downloader | 2016.0.2907 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15122 |
| Bitdefender | Application.Downloader.SV | 1.0.20.1680 |
| Dr.Web | Adware.Downware.1605 | 9.0.1.0336 |
| ESET NOD32 | Win32/ELEX.AA (variant) | 9.10667 |
| F-Secure | Application.Downloader.SV | 11.2015-02-12_4 |
| G Data | Application.Downloader.SV | 15.12.24 |
| Malwarebytes | PUP.Optional.SkyTech.A | v2015.12.02.12 |
| MicroWorld eScan | Application.Downloader.SV | 16.0.0.1008 |
| NANO AntiVirus | Riskware.Win32.Downware.ddxhcr | 0.28.6.62995 |
| Reason Heuristics | PUP.ELEX.SkytouchTechnologyCo (M) | 15.12.2.12 |
| VIPRE Antivirus | SkyTouch | 34498 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.49770 | 2.0.0.1975 |

File size:
444.1 KB (454,808 bytes)

Product version:
3.0.2.2951

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\wpc_omiga-plus_201311418037.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 1:52:17 PM

Valid to:
7/9/2014 4:29:59 PM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
11/1/2013 4:39:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:XHCrfyq2RJTS46hdTa1BCUMvobURAp026Dqa:XHCrfy1fT4a/O46vdqa

Entry address:
0x1CEAE

Entry point:
E8, 12, BA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 14, 8B, 4D, 08, 56, 85, D2, 75, 0D, 85, C9, 75, 0D, 39, 4D, 0C, 75, 26, 33, C0, EB, 33, 85, C9, 74, 1E, 8B, 45, 0C, 85, C0, 74, 17, 85, D2, 75, 07, 33, C0, 66, 89, 01, EB, E6, 8B, 75, 10, 85, F6, 75, 19, 33, C0, 66, 89, 01, E8, 27, 0D, 00, 00, 6A, 16, 5E, 89, 30, E8, EA, 90, 00, 00, 8B, C6, 5E, 5D, C3, 53, 57, 8B, D9, 8B, F8, 83, FA, FF, 75, 16, 2B, DE, 0F, B7, 06, 66, 89, 04, 33, 8D, 76, 02, 66, 85, C0, 74, 25, 4F, 75, EE, EB, 20, 2B, F1, 0F, B7...
 

Entropy:
5.2940

Code size:
234.5 KB (240,128 bytes)

The file wpc_omiga-plus_201311418037.exe has been seen being distributed by the following 2 URLs.
