9[qlt600].2.10328500390_176342.exe

悠扬棋牌大厅安装程序

无锡新游网络科技有限公司

The application 9[qlt600].2.10328500390_176342.exe by 无锡新游网络科技有限公司 has been detected as a potentially unwanted program by 14 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from down3.baiduwebgame.com.
Publisher:
免费赢奖品的棋牌游戏  (signed by 无锡新游网络科技有限公司)

Product:
悠扬棋牌大厅安装程序

Version:
1.0.0.1

MD5:
b6f4b10092bcbdcf525a94d5cc37ff52

SHA-1:
da57a8ccd7be0c0f0ee487024f68618b52a7ba19

SHA-256:
46d9716fc42805f8e8cafa0c498a1ecb07d460e83926e4b0264c00251dd2061b

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:23:51 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Installer | 2015.06.23
Avira AntiVirus | TR/Rogue.5794464 | 8.3.1.6
avast! | Win32:Malware-gen | 2014.9-150630
AVG | Fat-Obfuscated | 2016.0.3062
Comodo Security | UnclassifiedMalware | 22578
F-Secure | Packed:W32/PeCan.A | 11.2015-30-06_3
IKARUS anti.virus | Backdoor.Win32.Zegost | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.205.16325
McAfee | BackDoor-EXZ | 5600.6718
Microsoft Security Essentials | Trojan:Win32/Skeeyah!bit | 1.1.11804.0
Panda Antivirus | Trj/Genetic.gen | 15.06.30.11
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R047C0PEG15 | 10.465.30
VIPRE Antivirus | Trojan.Win32.Generic | 41380

File size:
5.5 MB (5,794,464 bytes)

Product version:
1.0.0.1

Copyright:
版权所有 (C) 2015

Original file name:
SkyGameInstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\9[qlt600].2.10328500390_176342.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
12/16/2014 3:06:48 PM

Valid to:
12/16/2015 3:06:48 PM

Subject:
CN=无锡新游网络科技有限公司, O=无锡新游网络科技有限公司, L=无锡市, S=江苏省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1E3131184EF0B55083F06689D6B96957

File PE Metadata
Compilation timestamp:
4/23/2015 6:19:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:v+1TI2U5NWaEXzc1cl9G5EkEAyvPfSfMPwODyzX5RwPsRVjiGpM:vATLTzcelo2AyvSUdsXDwkR1iGpM

Entry address:
0xB842FE

Entry point:
68, 0A, 43, F8, 00, 68, 19, 43, F8, 00, C3, 6B, 68, 19, 43, F8, 00, C3, 9B, 74, 79, 67, 97, 48, E4, B5, 48, 60, E9, 03, 00, 00, 00, 9C, 58, AD, 54, E9, 03, 00, 00, 00, 14, 20, B2, 68, 36, 43, F8, 00, E9, 94, 07, 00, 00, 69, 68, 46, 43, F8, 00, C3, 4C, 7A, DE, 9C, 93, 4E, AA, 9B, A8, 13, C3, 9D, 68, 54, 43, F8, 00, E9, 10, 00, 00, 00, 10, 4D, 68, 62, 43, F8, 00, C3, 7E, D1, 73, ED, CB, 01, DE, FD, 58, 68, 7F, 43, F8, 00, 68, 0C, 40, F8, 00, 68, 06, 40, F8, 00, 68, 03, 40, F8, 00, 68, 00, 40, F8, 00, C3, 68...

Entropy:
7.9114  (probably packed)

Code size:
1.2 MB (1,266,176 bytes)

The file 9[qlt600].2.10328500390_176342.exe has been seen being distributed by the following URL.

Remove 9[qlt600].2.10328500390_176342.exe - Powered by Reason Core Security