251b12e4-2b16-4137-a490-62803a8a51ab-uninstall.exe

游侠云盒

杭州凤侠网络科技有限公司

The executable 251b12e4-2b16-4137-a490-62803a8a51ab-uninstall.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
游侠网 (signed by 杭州凤侠网络科技有限公司)

Product:
游侠云盒

Version:
1.0.1.238

MD5:
534772d1a2310379aaefc0982a810127

SHA-1:
35a900bc602d6f13626875930627b72f5ff63b30

SHA-256:
950bacc453d9e370a6d0e1a8d8c4db82c8dec6fcf9317558be588bdcf1f2fe1e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/14/2024 4:30:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.6.17.19

File size:
9.8 MB (10,261,576 bytes)

Product version:
1.0.1.238

Copyright:
游侠网

Original file name:
游侠云盒.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\251b12e4-2b16-4137-a490-62803a8a51ab-uninstall.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
8/14/2013 3:26:25 AM

Valid to:
8/16/2014 6:31:13 AM

Subject:
E=ali213@ali213.net, CN=杭州凤侠网络科技有限公司, O=杭州凤侠网络科技有限公司, L=杭州市, S=浙江省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
1843FA15DAB7BA

File PE Metadata
Compilation timestamp:
4/28/2014 1:36:27 AM

OS version:
4.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:VQA7DvDOeemcAQBq/bxNE7ZN5oCoa1/4NJOhtrqNt+pQ:Vr/vDOegL0VNgN5oCorJOhtrqNwpQ

Entry address:
0x57CA3

Entry point:
E8, F9, 9D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 38, 08, 00, 00, 8B, FF, 51, C7, 01, 1C, B4, 47, 00, E8, 76, 9E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, B2, 9E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, C7, 01, 24, B4, 47, 00, E9, 08, A0, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 24, B4, 47, 00, E8...
 

Entropy:
6.6295

Code size:
487 KB (498,688 bytes)