» 5d4546a496f155bfee6a6680baa72d5f4e3c1e55
Overview
Analysis
File Details

5d4546a496f155bfee6a6680baa72d5f4e3c1e55

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The file 5d4546a496f155bfee6a6680baa72d5f4e3c1e55 by Riyue Tongxing Information Technology (Beijing) Co.,Ltd has been detected as a potentially unwanted program by 4 anti-malware scanners. It is installed within the Mozilla Firefox web browser as part of an addin/plugin.

File name:

Publisher:

Riyue Tongxing Information Technology (Beijing) Co.,Ltd. (signed and verified)

Product:

downer for windows

Version:

1.3.1.14

MD5:

4d9b0ef4074a0e2ccb9e1943dbf86da6

SHA-1:

c653052c57530a6061102caeb81462ee72d5f828

SHA-256:

a03040f8e556a9150318396eb969b02c0c859d10e942d58fc3c35d04b8f2b87e

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

2/25/2025 12:15:32 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

160518-2

Emsisoft Anti-Malware

Gen:Variant.Symmi.60792

11.5.0.6191

ESET NOD32

Win32/Gaofenquming.B potentially unwanted application

8.0.319.0

Norman

Gen:Variant.Symmi.60792

28.05.2016 15:32:18

File size:

1003.5 KB (1,027,566 bytes)

Product version:

1.3.1.14

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:

downer

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\5d4546a496f155bfee6a6680baa72d5f4e3c1e55

Digital Signature

Signed by:

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Authority:

WoSign CA Limited

Valid from:

11/2/2015 4:43:59 PM

Valid to:

11/2/2016 4:43:59 PM

Subject:

CN="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", O="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", STREET="B801A,8F,Block B,S&T Fortune Center,No.8,Xueqing Road,Haidian District", PostalCode=100083, L=Beijing, S=Beijing, C=CN, SERIALNUMBER=110108011321704, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Beijing, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN

Issuer:

CN=WoSign EV Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

52DC4C31F7609AF339EF3228BD510B83

File PE Metadata

Compilation timestamp:

2/16/2016 9:41:51 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:6PKJecZwWJUySDUX0GBFYO2u1dOmUPx3godX:q7SitIX/BmHu1zUPx3godX

Entry address:

0x258CE0

Entry point:

60, BE, 00, 80, 56, 00, 8D, BE, 00, 90, E9, FF, C7, 87, F8, 29, 18, 00, 43, 2B, 2C, 76, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.8677

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

964 KB (987,136 bytes)

Remove 5d4546a496f155bfee6a6680baa72d5f4e3c1e55 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.