» 9[qlt600].2.10328500390_176342.exe
Overview
Analysis
File Details

9[qlt600].2.10328500390_176342.exe

悠扬棋牌大厅安装程序

无锡新游网络科技有限公司

The application 9[qlt600].2.10328500390_176342.exe by 无锡新游网络科技有限公司 has been detected as a potentially unwanted program by 20 anti-malware scanners.

File name:

Publisher:

免费赢奖品的棋牌游戏 (signed by 无锡新游网络科技有限公司)

Product:

悠扬棋牌大厅安装程序

Version:

1.0.0.1

MD5:

6fd0ce6c08c46ba26f0454e6d067cd23

SHA-1:

497054c8fb2e8bc5e474b0eb4a02ae3c9587c24e

SHA-256:

64760b55130fd3dcb83184213c56f408665908c426ef3950fdf6b31952f5ca48

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 10:34:31 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.14847946

AhnLab V3 Security

PUP/Win32.Installer

2016.05.10

Avira AntiVirus

TR/Rogue.5796000

8.3.3.4

Arcabit

Trojan.Generic.DE28FCA

1.0.0.672

avast!

Win32:Malware-gen

2014.9-170111

AVG

Fat-Obfuscated

2018.0.2502

Bitdefender

Trojan.Generic.14847946

1.0.20.55

Comodo Security

UnclassifiedMalware

24980

Emsisoft Anti-Malware

Trojan.Generic.14847946

8.17.01.11.01

F-Secure

Packed:W32/PeCan.A

11.2017-11-01_4

G Data

Trojan.Generic.14847946

17.1.25

IKARUS anti.virus

Backdoor.Win32.Zegost

t3scan.2.0.9.0

K7 AntiVirus

Trojan

13.224.19557

McAfee

BackDoor-EXZ

5600.6158

MicroWorld eScan

Trojan.Generic.14847946

18.0.0.33

nProtect

Trojan.Generic.14847946

16.05.09.01

Panda Antivirus

Trj/Genetic.gen

17.01.11.01

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Win32.Malware!Drop

49270

Zillya! Antivirus

Adware.DealPly.Win32.1918

2.0.0.2853

File size:

5.5 MB (5,796,000 bytes)

Product version:

1.0.0.1

Original file name:

SkyGameInstaller.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\9[qlt600].2.10328500390_176342.exe

Digital Signature

Signed by:

无锡新游网络科技有限公司

Authority:

WoSign CA Limited

Valid from:

12/16/2014 3:06:48 PM

Valid to:

12/16/2015 3:06:48 PM

Subject:

CN=无锡新游网络科技有限公司, O=无锡新游网络科技有限公司, L=无锡市, S=江苏省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

1E3131184EF0B55083F06689D6B96957

File PE Metadata

Compilation timestamp:

2/10/2015 4:35:27 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0xB84303

Entry point:

68, 0F, 43, F8, 00, E9, 10, 00, 00, 00, 1B, B7, 68, 1D, 43, F8, 00, C3, CF, 85, A4, B1, BB, BD, 47, 24, 60, E9, 02, 00, 00, 00, 27, 14, 54, 68, 2E, 43, F8, 00, C3, 14, C1, 68, 3B, 43, F8, 00, 68, CE, 4A, F8, 00, C3, 66, 90, E9, 09, 00, 00, 00, E8, 42, 24, 9F, F7, 09, 30, 93, 15, C3, B1, 48, 68, 58, 43, F8, 00, E9, 11, 00, 00, 00, 44, 1C, E9, 0A, 00, 00, 00, 70, 16, 0E, 9A, 0B, 2C, 5A, 4E, 6A, DC, 58, 68, 84, 43, F8, 00, 68, 0C, 40, F8, 00, 68, 07, 40, F8, 00, 68, 03, 40, F8, 00, E9, 7F, FC, FF, FF, D6, 70... 
[+]

Entropy:

7.9113 (probably packed)

Code size:

1.2 MB (1,266,176 bytes)

Remove 9[qlt600].2.10328500390_176342.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.