挂机版.exe

流量宝挂机版

Hangzhou Yunbao Network&Technology Co.,Ltd

The application 挂机版.exe by Hangzhou Yunbao Network&Technology Co.,Ltd has been detected as a potentially unwanted program by 5 anti-malware scanners.

Publisher:
Hangzhou Yunbao Network&Technology Co.,Ltd

Product:
流量宝挂机版

Version:
1,1,512,3

MD5:
e0f7e3481fae2ddb5fd772e660232547

SHA-1:
2a7e3b50b8f597d3f25313f750209c985a993c41

SHA-256:
e1a61f80d5f30f74d56225830aa662f535c6674b353fd84bcd725e75820ef1b2

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 7:34:59 PM UTC

Scan engine | Detection | Engine version
Comodo Security | ApplicUnwnt | 20045
ESET NOD32 | Win32/Adware.HYunbao (variant) | 9.10701
IKARUS anti.virus | PUA.HYunbao | t3scan.1.8.3.0
Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V1028 | 7.2.42

File size:
695.5 KB (712,192 bytes)

Product version:
1,1,512,3

Copyright:
版权所有 (C) Hangzhou Yunbao Network&Technology Co.,Ltd 2011

Original file name:
流量宝挂机版.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
6/25/2014 5:00:00 PM

Valid to:
8/25/2015 4:59:59 PM

Subject:
CN="Hangzhou Yunbao Network&Technology Co.,Ltd", OU=IT Dept., O="Hangzhou Yunbao Network&Technology Co.,Ltd", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7D7B3CBF4105DAE7A25AA30FF7C8CD21

File PE Metadata

Compilation timestamp:
8/3/2014 8:27:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:PutwxAQs42J6LVIiHXj1e8v/pzZooiMZmeTURkOKbwX3nOTrv+v:WtmAQsmLVlHXj1egRzZooiMZlTPTrv+v

Entry address:
0x6315E

Entry point:
55, 8B, EC, 6A, FF, 68, F0, FA, 47, 00, 68, FC, 35, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, BC, C7, 47, 00, 59, 83, 0D, 78, EA, 49, 00, FF, 83, 0D, 7C, EA, 49, 00, FF, FF, 15, B8, C7, 47, 00, 8B, 0D, E4, E9, 49, 00, 89, 08, FF, 15, B4, C7, 47, 00, 8B, 0D, E0, E9, 49, 00, 89, 08, A1, B0, C7, 47, 00, 8B, 00, A3, 74, EA, 49, 00, E8, 2C, 04, 00, 00, 39, 1D, 60, DF, 49, 00, 75, 0C, 68, F8, 35, 46, 00, FF, 15...

Entropy:
6.2792

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
492 KB (503,808 bytes)
