尚未確認的 139683.crdownload

Downloader

Li Xin

The file 尚未確認的 139683.crdownload by Li Xin has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Li Xin  (signed and verified)

Product:
Downloader

Version:
6.0.0.0

MD5:
1fb83ba00e674ba8bc929b921d472683

SHA-1:
1a19052193a3e0aa55ea4fecf66c2e213043342e

SHA-256:
ec978909b981d12b53fd2b53e235aeb2010b53168f85083fd7f1d4170d497e01

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:23:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.14847984
547

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Helper
2015.08.01

Arcabit
Trojan.Generic.DE28FF0
1.0.0.425

avast!
Win32:Trojan-gen
2014.9-150807

AVG
Generic
2016.0.3025

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.1587

Bitdefender
Trojan.Generic.14847984
1.0.20.1095

Bkav FE
W32.Clod965.Trojan
1.3.0.6979

Clam AntiVirus
Win.Trojan.Generickd-1403
0.98/21511

Dr.Web
Trojan.Siggen6.36073
9.0.1.0219

Emsisoft Anti-Malware
Trojan.Generic.14847984
8.15.08.07.01

Fortinet FortiGate
W32/Generic.AC.2003
8/7/2015

G Data
Trojan.Generic.14847984
15.8.25

IKARUS anti.virus
PUA.Softcnapp
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.207.16751

Malwarebytes
Trojan.Downloader
v2015.08.07.01

McAfee
Artemis!1FB83BA00E67
5600.6681

MicroWorld eScan
Trojan.Generic.14847984
16.0.0.657

NANO AntiVirus
Trojan.Win32.Winlock.dqvnat
0.30.24.2668

nProtect
Trojan.Generic.14847984
15.07.31.01

Panda Antivirus
Trj/Genetic.gen
15.08.07.01

Sophos
Mal/Agent-ARF
4.98

Trend Micro
TROJ_GEN.R0EBC0OGB15
10.465.07

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
42492

ViRobot
Adware.Agent.168456.A[h]
2014.3.20.0

File size:
164.5 KB (168,456 bytes)

Product version:
6.0.0.0

Original file name:
Downloader

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\????? 139683.crdownload

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
3/13/2015 9:55:41 AM

Valid to:
3/13/2016 10:55:41 AM

Subject:
CN=Li Xin, L=Yingshan, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4EC8808F9295E7018CE5A64639E18B6B

File PE Metadata
Compilation timestamp:
9/4/2014 1:19:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:01W3koFABS+dUjBSWKLcFwmtejWfdpS1OBIHR7hpefFPm:0I2Pd4SWacibYriFhp2m

Entry address:
0x3384

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, A8, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 2C, 43, 00, E8, FE, 24, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 2B, 43, 00, 8D, 44, 24, 38, 50, 53, 68, 3B, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 30, 74, 40, 00, 68, C0, 0B, 43, 00, E8, F0, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 70, 44, 00, 57, E8, DE, 23, 00, 00...
 
[+]

Entropy:
7.4885

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove 尚未確認的 139683.crdownload - Powered by Reason Core Security