_@398c.tmp

Xiaodong Wang

The file _@398c.tmp, signed by Xiaodong Wang, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
InterHop  (signed by Xiaodong Wang)

Product:
InterHop

Version:
1.0.1.0

MD5:
8fcb55a05f8f9925f9bdb4427b7adf84

SHA-1:
0045fc56c9845d59a7a2f29988c3f0e48cd48b76

SHA-256:
86e32b62070cddd05c77ae8e08ed78eb55a49c29e9a1bda7803d94a2cc7b36c4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 10:39:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InterHop (M)

Engine version:
16.9.21.13

File size:
149.2 KB (152,808 bytes)

Product version:
1.0.1.0

Copyright:
InterHop

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\_@398c.tmp

Digital Signature
Signed by:
Xiaodong Wang

Authority:
thawte, Inc.

Valid from:
9/21/2016 5:30:00 AM

Valid to:
8/9/2017 5:29:59 AM

Subject:
CN=Xiaodong Wang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EAB916E1AD722DAA745B3DB40B4B049

File PE Metadata
Compilation timestamp:
9/21/2016 7:55:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:tOchYtoAUKtVjBUBc3nIDYLblSDK05GrKYsi+bWxQGBTOLNhRS1l:BY/U2VjSBc3oSSDbrYsiJQ9Jbk

Entry address:
0x47CA7

Entry point:
E8, 3A, D2, FF, FF, F6, D8, E8, 3C, 07, 00, 00, 66, 0F, BA, E2, 09, F9, 3B, 45, F0, 60, 8D, 64, 24, 20, 0F, 83, 33, 1C, 00, 00, 60, 8D, BF, DD, F6, 89, 48, 89, C3, 66, 81, D7, 95, 9C, 89, C7, 66, 0F, BA, E9, 06, 80, C1, 05, 66, 0F, BA, E9, 05, 66, 0F, BD, CE, B9, 04, 01, 00, 00, 66, 85, DE, F8, 30, C0, F8, 66, 0F, BA, E1, 01, 53, F2, AE, 50, E9, CA, 46, 00, 00, 00, 00, 50, 61, 74, 68, 41, 70, 70, 65, 6E, 64, 57, 00, F8, F6, D0, 39, C6, 66, 89, 7C, 24, 04, 3A, 07, 0F, C8, 0F, B6, C2, 8D, 7F, 01, 66, 8B, 44...

Entropy:
7.7595  (probably packed)

Code size:
99.5 KB (101,888 bytes)

Powered by Reason Core Security