18a27b5232664c8237464dcb2d5587e6.exe

爱思助手 6.0

深圳市为爱普信息技术有限公司

Publisher:
深圳市为爱普信息技术有限公司

Product:
爱思助手 6.0

Version:
6.1.8.0

MD5:
18a27b5232664c8237464dcb2d5587e6

SHA-1:
9a49b9599bf987350b6024dda648e80d5ba25f91

SHA-256:
328d2461742bcc48494621b01619273c4dee665a9b3c4aac08b150d5c24b1b58

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:30:39 AM UTC

File size:
9.4 MB (9,859,952 bytes)

Product version:
6.1.8.0

Copyright:
Copyright (C) 2015

Original file name:
i4Tools.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\18a27b5232664c8237464dcb2d5587e6.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/26/2016 3:20:32 PM

Valid to:
6/20/2016 4:09:33 PM

Subject:
CN=深圳市为爱普信息技术有限公司, OU=IT Dept., O=深圳市为爱普信息技术有限公司, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121489EB7D6639A5B0CB949A9C319C024FE

File PE Metadata
Compilation timestamp:
5/31/2016 8:59:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:ZvKaBTglfKQWjrBZZHdp2gyfNxcaF51E59xD1vgMmW3K11pMP0o0TfNZ/e7u3X3m:mfFWB9pPGiP1vG7qPvIfbe7sXv3CmpM

Entry address:
0x3AEF20

Entry point:
E8, 65, 05, 00, 00, E9, 1C, FD, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 28, 09, C9, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 28, 09, C9, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
Entropy:
7.0871

Code size:
4.2 MB (4,402,688 bytes)

The file 18a27b5232664c8237464dcb2d5587e6.exe has been seen being distributed by the following URL.
