» 流量宝流量版.exe
Overview
Analysis
File Details
Downloads (5)

流量宝流量版.exe

liuliangbao

Hangzhou Yunbao Network&Technology Co.,Ltd

File name:

流量宝流量版.exe

Publisher:

www.liuliangbao.cn (signed by Hangzhou Yunbao Network&Technology Co.,Ltd)

Product:

liuliangbao

Description:

流量宝流量版

Version:

2.3

MD5:

37a0dc76105c1a87004d43451590dc4b

SHA-1:

e191b627b5d8c298dab6f0317b654b682cf6eb0e

SHA-256:

690e7d3543afb0a1f6a9adeb36ec40b902f36a1f14649d70fb1c0b9a389acd64

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/25/2024 9:38:13 PM UTC (today)

Scan engine

Detection

Engine version

G Data

Win32.Application.Liuliangbao

15.12.25

IKARUS anti.virus

PUA.Liuliangbao

t3scan.1.9.5.0

File size:

1.6 MB (1,679,544 bytes)

Product version:

2.3

Original file name:

liuliangbao

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\??????.exe

Digital Signature

Signed by:

Hangzhou Yunbao Network&Technology Co.,Ltd

Authority:

Symantec Corporation

Valid from:

7/17/2015 4:00:00 AM

Valid to:

9/15/2016 3:59:59 AM

Subject:

CN="Hangzhou Yunbao Network&Technology Co.,Ltd", OU=IT Dept., O="Hangzhou Yunbao Network&Technology Co.,Ltd", L=Hangzhou, S=Zhejiang, C=CN

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

1BED00C480C169774B3859AEBBC46346

File PE Metadata

Compilation timestamp:

12/23/2015 8:10:29 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:nxc9hcVoFpd/BTIHOdbCAe1TFseBs04QZ/TiTtePoBf4k:nxc9aVoFpOwOAiTyeBs6Z/TiTDp

Entry address:

0xC1B80

Entry point:

E8, 06, 99, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, B0, 04, 51, 00, FF, 15, 3C, 12, 50, 00, 85, C0, 74, 15, 68, A0, 04, 51, 00, 50, FF, 15, B8, 10, 50, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, E8, 11, 50, 00, CC, 6A, 08, E8, 6A, 8C, 00, 00, 59, C3, 6A, 08, E8, 88, 8B, 00, 00, 59, C3, 8B, FF, 56, E8, 9A, 49, 00, 00, 8B, F0, 56, E8, 6B, 45, 00, 00, 56, E8, 93, 47, 00, 00, 56, E8, 80, 7E, 00, 00, 56, E8, 2A, 9B, 00... 
[+]

Entropy:

6.6959

Code size:

1021.5 KB (1,046,016 bytes)

The file 流量宝流量版.exe has been seen being distributed by the following 5 URLs.

http://www.liuliangbao.cn/download.jsp?pageAction=down&link=0&r=1585617567&type=1

https://doc-0s-3k-docs.googleusercontent.com/docs/securesc/kfnotvt2h19m4vata908enim85068ash/cugg1rcd36du7sn2f0qf29q1c5gg8f44/1461153600000/.../02089071305185383009/0B_Q8mt4VwqXPeUF3TFd3SGxBS1E?e=download

http://static.liuliangbao.cn/dl/62448/.../??????.exe

http://www.liuliangbao.cn/download.jsp?pageAction=down&link=0&r=2029723926&type=1

http://www.liuliangbao.cn/download.jsp?pageAction=down&link=0&r=-486480696&type=1

Scan 流量宝流量版.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.