高清版1280p_vod_ca12.exe

The application 高清版1280p_vod_ca12.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from down.reaboo.com.
Description:
优播影视西瓜安装程序

Version:
2.0.6.821

MD5:
6188486fc2593ad5512ea34fc4168498

SHA-1:
41c51d6e50c9e08ccf405d9e570f3813e0b59a4f

SHA-256:
90d2e6b2929c0714893a4e88a39a3614195bfa8846d6584a9927c074e4d19e63

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:04:40 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.11703696 | 236
AhnLab V3 Security | PUP/Win32.Downloader | 2015.03.04
Avira AntiVirus | TR/Rogue.929280.3 | 7.11.213.94
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160612
Bitdefender | Trojan.Generic.11703696 | 1.0.20.820
Comodo Security | UnclassifiedMalware | 21284
Emsisoft Anti-Malware | Trojan.Generic.11703696 | 8.16.06.12.06
F-Secure | Trojan.Generic.11703696 | 11.2016-12-06_1
G Data | Trojan.Generic.11703696 | 16.6.25
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.6.0
McAfee | Artemis!6188486FC259 | 5600.6370
MicroWorld eScan | Trojan.Generic.11703696 | 17.0.0.492
Norman | Suspicious_Gen5.AUIOA | 11.20160612
nProtect | Trojan.Generic.11703696 | 15.03.03.01
Panda Antivirus | Trj/CI.A | 16.06.12.06
Trend Micro House Call | TROJ_GEN.R0CBC0OIK14 | 7.2.164
Trend Micro | TROJ_GEN.R0CBC0OIK14 | 10.465.12
VIPRE Antivirus | Trojan.Win32.Generic | 38098

File size:
907.5 KB (929,280 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\高清版1280p_vod_ca12.exe

File PE Metadata
Compilation timestamp:
6/19/2014 8:49:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jzHRPSd6R4p+JKUltcjd9pXQrzJbH3wtQsLvSBd2mcj:B1R4pSK/pgrzlDevSOtj

Entry address:
0x213001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 30, 21, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
 

Entropy:
7.9582

Packer / compiler:
ASPack v2.12

Code size:
1.3 MB (1,351,168 bytes)

The file 高清版1280p_vod_ca12.exe has been seen being distributed by the following URL.

Remove 高清版1280p_vod_ca12.exe - Powered by Reason Core Security