雄.exe

工程1

嗨皮(上海)网络科技有限公司

Publisher:
Microsoft  (signed by 嗨皮(上海)网络科技有限公司)

Product:
工程1

Description:
Install

Version:
1.00

MD5:
ba7620a3a2efa467229517f6a8f81e85

SHA-1:
42b370ef9f6c1faa7a00f0370e8b2773d844fa3d

SHA-256:
323fcaa2099ffc5915f09d499a42b5ecfcfdf4b0e80d9904fe599389f23e0f49

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/28/2024 2:44:25 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
Vba32 AntiVirus | BScope.Trojan.Diple | 3.12.26.3

File size:
1.4 MB (1,457,664 bytes)

Product version:
1.00

Original file name:
Steup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\???\??.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/11/2013 8:00:00 AM

Valid to:
7/12/2014 7:59:59 AM

Subject:
CN=嗨皮(上海)网络科技有限公司, OU=技术部, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=嗨皮(上海)网络科技有限公司, L=上海, S=上海, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E0808EBD9E3937F4C55C36B0751B673

File PE Metadata
Compilation timestamp:
8/6/2013 5:28:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:5BEFqSOHvnAOxifeLbUNpp9EHF1s5J7suBEFqSOHvnAOxifeLbUNpp9EHF1s5J7D:TEFNOHvnAOxifeLbUNpp9EHF1K7fBEFJ

Entry address:
0x254C

Entry point:
68, 9C, 28, 40, 00, E8, EE, FF, FF, FF, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 48, 00, 00, 00, 82, E1, 4E, 9A, E1, 15, DF, 46, A0, 32, F5, 91, B6, 8B, 48, F9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, C8, ED, BC, FE, B0, B2, C8, AB, C9, A8, C3, E8, B0, B2, D7, B0, C6, F7, 00, 00, 00, 00, 00, 00, 49, 6E, 73, 74, 61, 6C, 6C, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 0B, 00, 00, 00, 06, 5B, 50, B4, 4A, 5B, CF, 4E...
 

Entropy:
5.4625

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
1 MB (1,081,344 bytes)

Scan 雄.exe - Powered by Reason Core Security