» 2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe
Overview
Analysis
File Details
Downloads (1)

2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application 2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been seen being downloaded from aurevoir.club.

File name:

Publisher:

Beijing Caiyunshidai Technology Co., Ltd. (signed and verified)

Version:

201607131134

MD5:

ae3e91ac51c0a766c4aaeb41c491358b

SHA-1:

1545d2c70c72853862a865edb417ef3841aa7b2a

SHA-256:

942a8ed912b91de10c869e0b2c731f991d24d691ffbb907333ca1729b7d3ae53

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 4:54:19 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Mutabaha.1459

9.0.1.05190

Microsoft Security Essentials

Threat.Undefined

1.225.1590.0

Reason Heuristics

Adware.ELEX.SpeedSearch.Meta (M)

16.7.18.13

File size:

389.6 KB (398,920 bytes)

Product version:

201607131134

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\2xv1untoyzmtvvomjqr5skpzi\2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe

Digital Signature

Signed by:

Beijing Caiyunshidai Technology Co., Ltd.

Authority:

thawte, Inc.

Valid from:

7/8/2016 2:00:00 AM

Valid to:

3/4/2017 1:59:59 AM

Subject:

CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

68ABFE20A69E767F5A1A64B947DB7B54

File PE Metadata

Compilation timestamp:

7/13/2016 5:40:00 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:1B8S9Z0RCz9wHprMXFE9kv++TmRcafseR9h7Dxd:cNAYJ+i9OPmserhpd

Entry address:

0x2FD00

Entry point:

E8, E6, 89, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 0C, F1, 44, 00, 6A, 01, A3, D4, 10, 46, 00, E8, 33, 8F, 00, 00, FF, 75, 08, E8, C8, 8E, 00, 00, 83, 3D, D4, 10, 46, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 19, 8F, 00, 00, 59, 68, 09, 04, 00, C0, E8, 96, 8E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 97, 50, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, B8, 0E, 46, 00, 89, 0D, B4, 0E, 46, 00, 89, 15, B0, 0E, 46, 00, 89, 1D, AC, 0E, 46, 00, 89, 35, A8, 0E, 46, 00, 89, 3D, A4... 
[+]

Entropy:

6.4288

Code size:

311.5 KB (318,976 bytes)

The file 2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe has been seen being distributed by the following URL.

http://aurevoir.club/.../310714_a14.exe

Remove 2xv1untoyzmtvvomjqr5skpzi2xv1untoyzmtvvomjqr5skpzi_a14.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.