» 美食大战老鼠小迪辅助2.4.exe
Overview
Analysis
File Details

美食大战老鼠小迪辅助2.4.exe

美食辅助

Indigo Rose Software Design Corporation

The application 美食大战老鼠小迪辅助2.4.exe, “xdfz520.isitestar.cn” by Indigo Rose Software Design has been detected as a potentially unwanted program by 8 anti-malware scanners.

File name:

美食大战老鼠小迪辅助2.4.exe

Publisher:

小迪技术组 (signed by Indigo Rose Software Design Corporation)

Product:

美食辅助

Description:

xdfz520.isitestar.cn

Version:

1.0.0.0

MD5:

1a37ca65b3f975b6c2f891f1d3e35020

SHA-1:

9ff535f9a49574f614debfbc215b11ddaf23b4e4

SHA-256:

40316eeb4fc4ff68f246815079b61eb16b1c5cc1fb5945f19c221c1260fa4519

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 11:35:09 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Fortinet FortiGate

W32/TrojanDownloader.CH!tr

3/11/2017

G Data

Win32.Adware.FlyStudio

17.3.25

K7 AntiVirus

Riskware

13.242.21091

Kaspersky

Trojan.Win32.Agent.nexngh

14.0.0.-1291

McAfee

RDN/Generic.sts

5600.6099

NANO AntiVirus

Trojan.Win32.Agent.egubsl

1.0.38.11822

Panda Antivirus

Trj/CI.A

17.03.11.02

Qihoo 360 Security

Trojan.Generic

1.0.0.1120

File size:

640.7 KB (656,104 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\美食大战老鼠小迪辅助2.4.exe

Digital Signature

Signed by:

Indigo Rose Software Design Corporation

Authority:

Indigo Rose Software Design Corporation

Valid from:

2/1/2015 12:00:00 AM

Valid to:

2/1/2025 12:00:00 AM

Subject:

CN=Indigo Rose Software Design Corporation, OU=Security Labs, O=Indigo Rose Software Design Corporation, L=Indigo, S=Indigo, C=CN

Issuer:

CN=Indigo Rose Software Design Corporation, OU=Security Labs, O=Indigo Rose Software Design Corporation, L=Indigo, S=Indigo, C=CN

Serial number:

AD28393F864B19B04844E94E34F5987E

File PE Metadata

Compilation timestamp:

8/20/2016 9:55:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x1BB600

Entry point:

60, BE, 00, F0, 52, 00, 8D, BE, 00, 20, ED, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 70, 90, 1B, 00, 57, 83, C3, 04, 53, 68, F4, C5, 08, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.7639 (probably packed)

Code size:

568 KB (581,632 bytes)

Remove 美食大战老鼠小迪辅助2.4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.