home

1977c90c82b305da9fbc7c7cf90f3189.exe

BeiJing Baidu Netcom Science Technology Co., Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from j.br.baidu.com.
Publisher:
BeiJing Baidu Netcom Science Technology Co., Ltd  (signed and verified)

MD5:
4a05e3d0931491716c2f67ea193b721f

SHA-1:
63246608cc6ecae361de3331070231174d46df1b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 6:30:50 AM UTC  (today)

File size:
9 MB (9,448,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\1977c90c82b305da9fbc7c7cf90f3189.exe

Digital Signature
Signed by:
BeiJing Baidu Netcom Science Technology Co., Ltd

Authority:
Symantec Corporation

Valid from:
12/15/2015 8:00:00 AM

Valid to:
2/7/2018 7:59:59 AM

Subject:
CN="BeiJing Baidu Netcom Science Technology Co., Ltd", OU=" Engineering Excellence", O="BeiJing Baidu Netcom Science Technology Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1FD2D30E260FC289CFAF11518F2CD36F

File PE Metadata
Compilation timestamp:
5/12/2016 3:35:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:gA9+vgzn9EJBGwaC2tIkwfkDuZo9VSi02M757T7ENZzJ09QELBgl+gThk:t97zn9EPGwaC2WYDSo9VO2W9vUZd09PT

Entry address:
0x11C32E3

Entry point:
E8, C8, 04, 00, 00, 46, 66, 89, 74, 24, 04, 9C, 9C, 10, D2, 88, 64, 24, 04, FF, 74, 24, 04, 56, FF, 74, 24, 48, C2, 4C, 00, 00, 00, 52, 65, 67, 43, 6C, 6F, 73, 65, 4B, 65, 79, 00, 00, 00, 47, 65, 74, 45, 6E, 76, 69, 72, 6F, 6E, 6D, 65, 6E, 74, 53, 74, 72, 69, 6E, 67, 73, 57, 00, 8D, 64, 24, 08, 0F, 84, CE, 26, 72, FF, 60, 01, F8, F9, 38, E5, E8, B8, 70, 70, FF, 74, 32, 81, C1, 15, 87, E4, 69, 9A, 5C, FE, 28, 3B, 55, 4E, 34, 27, 6D, 7E, 20, 8A, 74, 67, 19, B3, 69, D3, 35, 0D, DF, C3, 20, D6, 4F, 8D, 8E, E5...
 
[+]

Entropy:
7.8060  (probably packed)

Code size:
514.5 KB (526,848 bytes)

The file 1977c90c82b305da9fbc7c7cf90f3189.exe has been seen being distributed by the following URL.

http://j.br.baidu.com/v1/t/full/p/mini/tn/.../ch_dl_url

Scan 1977c90c82b305da9fbc7c7cf90f3189.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.