home

九卅瀏覽器.exe

九卅浏览器

九卅娱乐城

This is a setup program which is used to install the application. The file has been seen being downloaded from ju888.net.
Publisher:
九卅娱乐城

Product:
九卅浏览器

Version:
6.0.2.1

MD5:
55e176d7b6233669cdf3deb7cd60e99b

SHA-1:
b80b37309f3bf9ce51a4a89606d0ed1021a21e66

SHA-256:
6238280033d5515accd9791b49ade53bb4644a3f2f5069d7aa214e5fc386a393

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/6/2024 8:32:33 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic13_c
2016.0.3002

Baidu Antivirus
Hacktool.Win32.Packed.Themida
4.0.3.15830

Bkav FE
W32.HfsAutoB
1.3.0.7133

ESET NOD32
Win32/Packed.Themida suspicious (variant)
9.12153

Fortinet FortiGate
PossibleThreat
8/30/2015

VIPRE Antivirus
Trojan.Win32.Generic
43380

File size:
1.5 MB (1,609,728 bytes)

Product version:
6.0.2.1

Copyright:
Copyright © 2014 九卅娱乐城版权所有

Original file name:
九卅浏览器.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\?????.exe

File PE Metadata
Compilation timestamp:
8/8/2015 11:14:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:gLIA+0+DtBfQklqfN8a6zFt7vH5H0S8B3LZpcrHmc7+Bg01JUi/vi+6rjyAx:gwnDrfQKa6zFlf8B3Npcrmfi+6rjyA

Entry address:
0x418000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 20, 14, 00, 2D, 8C, AC, 0B, 10, 05, 83, AC, 0B, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 5C, 4F, 24, 6F, 68, 2B, 32, A7, 24, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, F1, 95, 67, A2, F9, 31, CE, 3B, ED, 1A, 38, 75, 40, 5B, 22, 69...
 
[+]

Entropy:
7.9525  (probably packed)

Code size:
714.5 KB (731,648 bytes)

The file 九卅瀏覽器.exe has been seen being distributed by the following URL.

http://ju888.net/DownLoad.aspx

Scan 九卅瀏覽器.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.