xpvistawin7-the-world-god-only-knows1114@81_413433.exe

downloader of lewell

The application xpvistawin7-the-world-god-only-knows1114@81_413433.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from down10.zol.com.cn.
Product:
downloader of lewell

Version:
1.0.0.1

MD5:
c9c6974cc0bf1d98daefc4b4a9c45536

SHA-1:
3c0a8bded433d4f6c96a1765c75c23acb5100c5a

SHA-256:
34328685fff748701e8a2b0f52558ab7d287eff13a4c4fd034fd8348bad4051c

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2024 7:44:47 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-gen [Adw] | 160708-3
AVG | Adware Generic7.MV | 2015.0.4604
Dr.Web | Adware.Qjwmonkey.47 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.84 | 11.5.0.6191
ESET NOD32 | Win32/Adware.Qjwmonkey.A application | 7.0.302.0
Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.225.2243.0
Norman | Gen:Variant.Application.Bundler.84 | 28.05.2016 13:03:37
Reason Heuristics | Adware.Generic.AT (M) | 16.7.24.20

File size:
721.5 KB (738,799 bytes)

Product version:
1.0.0.1

Original file name:
downloader of lewell

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\xpvistawin7-the-world-god-only-knows1114@81_413433.exe

File PE Metadata
Compilation timestamp:
11/5/2015 7:46:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:QWN4Z2tkBn7v+F4FoZTDBgXSvnpCnfBRBq8BZhrnkNUNiyFSdMqM:QWuZ2k64Fc0nfBRBLtrnkNU/SdMqM

Entry address:
0x1E92B

Entry point:
E8, 89, A2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, C5, A3, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 

Entropy:
6.4169

Code size:
213 KB (218,112 bytes)

The file xpvistawin7-the-world-god-only-knows1114@81_413433.exe has been seen being distributed by the following URL.