1722956_setup.exe

Hangzhou REBO Information Technology Co.,Ltd.

This is a setup and installation application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
Zhejiang University  (signed by Hangzhou REBO Information Technology Co.,Ltd.)

Description:
Tvants 1.0 International Edition Setup

Version:
1.0

MD5:
6886dfbaf7a5d856b3a809911f4e8141

SHA-1:
c376a589e4289ae77d76644176e397b0e0566456

SHA-256:
7f9935e9f682c1f8cfc31604e632e79cb226ac824c58e9c34ff11007a139e891

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:20:08 PM UTC

File size:
2.8 MB (2,889,336 bytes)

Copyright:
2005,Zhejiang University

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1722956_setup.exe

Digital Signature

Authority:
The USERTRUST Network

Valid from:
5/26/2007 10:00:00 AM

Valid to:
5/26/2008 9:59:59 AM

Subject:
CN="Hangzhou REBO Information Technology Co.,Ltd.", O="Hangzhou REBO Information Technology Co.,Ltd.", STREET="7-1-602,Wenjinyuan", STREET="No.108,Rd. Wensan", L=Hangzhou, S=Zhejiang, PostalCode=310000, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
4B40CD66F54E97767CA3B4B599BA35AE

File PE Metadata

Compilation timestamp:
4/9/1999 6:24:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:7kOUENUb/vCmk2TqiaGBoF5YGakniJ1AoGP8GVoKmcoj/Rm5FY1pI2SQL/:wO5NUTKZiaGyDJaH1Atk30ojZgFYuc/

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...

Entropy:
7.9971  (probably packed)

Code size:
512 bytes

The file 1722956_setup.exe has been seen being distributed by the following 10 URLs.
