» a-zm-171923-v6.exe
Overview
Analysis
File Details

a-zm-171923-v6.exe

易书海

File name:

a-zm-171923-v6.exe

Publisher:

易书海 (signed and verified)

MD5:

1c7d40fdb591e8446ef0d05a22ded32d

SHA-1:

907283dd120def7bd249de5b021c9f36ad9bd8e9

SHA-256:

305ea3e8bba5e034e9ad27c691bff19f5754f3462549236ee4c1984bd7a9e719

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/24/2024 12:28:38 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

File size:

1015.3 KB (1,039,704 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\a-zm-171923-v6.exe

Digital Signature

Signed by:

易书海

Authority:

WoSign CA Limited

Valid from:

5/5/2014 5:12:50 PM

Valid to:

5/6/2015 5:12:50 PM

Subject:

CN=易书海, E=tenmens@163.com, L=萍乡市, S=江西省, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

6AD3D46989A7CCD7B9C6EF3841AF1FB3

File PE Metadata

Compilation timestamp:

6/16/2014 5:28:15 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:Vx0qzdXQXAq2fWfSCa+/YT7UEElkYr/CfpMRaqY87+fs3CokGO5645lx:j0qzBQLTfSFcqIChMFd+f/oWL5n

Entry address:

0x160BF

Entry point:

55, 8B, EC, 6A, FF, 68, 38, F4, 41, 00, 68, 4C, 62, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, D4, F1, 41, 00, 59, 83, 0D, 24, 70, 42, 00, FF, 83, 0D, 28, 70, 42, 00, FF, FF, 15, D8, F1, 41, 00, 8B, 0D, E8, 4F, 42, 00, 89, 08, FF, 15, DC, F1, 41, 00, 8B, 0D, E4, 4F, 42, 00, 89, 08, A1, E0, F1, 41, 00, 8B, 00, A3, 20, 70, 42, 00, E8, 1D, 01, 00, 00, 39, 1D, C0, 3E, 42, 00, 75, 0C, 68, 48, 62, 41, 00, FF, 15, E4, F1... 
[+]

Entropy:

7.8952

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

120 KB (122,880 bytes)

Scan a-zm-171923-v6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.