home

770bc6656ddf6c8f26bf2a92e4b368e3.exe

TUnet2015版

清华大学信息化技术中心

Publisher:
清华大学信息化技术中心

Product:
TUnet2015版

Version:
1, 0, 13462, 51127

MD5:
167cdbe16809582f5fbd32a69e71573d

SHA-1:
c122ca1ce8a17c9c9ab01a01f0f9a78c3f41dfbc

SHA-256:
1b6fbd438549a45f56afb82da80bfae58627678b5ef8d7920f04bd6222f3b89d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:43:54 PM UTC  (today)

File size:
1.9 MB (1,951,744 bytes)

Product version:
1, 0, 13462, 51127

Copyright:
Copyright 2009-2014 清华大学信息化技术中心

Original file name:
TUnet2015.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\770bc6656ddf6c8f26bf2a92e4b368e3\770bc6656ddf6c8f26bf2a92e4b368e3.exe

File PE Metadata
Compilation timestamp:
11/27/2015 1:39:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:7dfGISRchUoDUzWGCvIQsFyEVIppyqHIgbCvQ7xT:p/SRaDoWGCvfsFyE8JNd7

Entry address:
0xB5D97

Entry point:
E8, D5, F1, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 30, 53, 33, DB, F6, 45, 10, 80, 56, 8B, F0, 89, 5D, DC, 88, 5D, FE, 89, 5D, F8, C7, 45, D0, 0C, 00, 00, 00, 89, 5D, D4, 74, 09, 89, 5D, D8, C6, 45, FF, 10, EB, 0A, C7, 45, D8, 01, 00, 00, 00, 88, 5D, FF, 8D, 45, DC, 50, E8, 99, F4, 00, 00, 59, 85, C0, 0F, 85, DD, 06, 00, 00, B8, 00, 80, 00, 00, 85, 45, 10, 75, 12, F7, 45, 10, 00, 40, 07, 00, 75, 05, 39, 45, DC, 74, 04, 80, 4D, FF, 80, 8B, 45, 10, 83, E0, 03, 2B, C3, B9, 00, 00, 00, C0, BA...
 
[+]

Entropy:
7.2069

Code size:
832 KB (851,968 bytes)

The file 770bc6656ddf6c8f26bf2a92e4b368e3.exe has been seen being distributed by the following URL.

https://net.tsinghua.edu.cn/.../Tunet2015.exe

Scan 770bc6656ddf6c8f26bf2a92e4b368e3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.