home

602you.exe

游戏盒

Kunshan Yiwan Information Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GameBoxT’.
Publisher:
Kunshan Yiwan Information Technology Co., Ltd.  (signed and verified)

Product:
游戏盒

Description:
602游戏盒

Version:
5.3.1.2

MD5:
5987713d37eed3dcce2da1985668648a

SHA-1:
15f8c74dae6724456eded2edec8ade23402d2638

SHA-256:
547ff7b14569ead7a41550a7281f449bfe958360e6007aed567d63b2b36367d2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 11:38:49 AM UTC  (today)

File size:
719.3 KB (736,600 bytes)

Product version:
5.3.1.2

Copyright:
Copyright (C) 2014-2015

Original file name:
602you.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\602gamebox\602you.exe

Digital Signature
Signed by:
Kunshan Yiwan Information Technology Co., Ltd.

Authority:
Thawte, Inc.

Valid from:
12/18/2014 8:00:00 AM

Valid to:
12/19/2015 7:59:59 AM

Subject:
CN="Kunshan Yiwan Information Technology Co., Ltd.", OU=IT, O="Kunshan Yiwan Information Technology Co., Ltd.", L=Kunshan, S=Jiangsu, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D23832BC934E7532BDE9381621EE286

File PE Metadata
Compilation timestamp:
1/15/2015 2:06:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:XO54KWwbQhhM4Ot7yXpuecjHLNW4QGgh+DD3Hm25jzx43BVS+OpteYHwSn:kGhhM4mScjwigkDbLz+xst35

Entry address:
0x5A0CD

Entry point:
E8, DE, 8C, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 90, E8, 49, 00, 75, 02, F3, C3, E9, 60, 8D, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 55, 0C, EB, 07, 66, 3B, CA, 74, 11, 40, 40, 0F, B7, 08, 66, 85, C9, 75, F1, 66, 39, 10, 74, 02, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 05, 40, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 15, 07, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, E0, 3F, 00, 00, 6A, 22...
 
[+]

Entropy:
6.4175

Code size:
495 KB (506,880 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameBoxT

Command:
C:\Program Files\602gamebox\602you.exe auto


Scan 602you.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.