» a-zm-180863-v2.exe
Overview
Analysis
File Details
Downloads (12)

a-zm-180863-v2.exe

易书海

This is a setup program which is used to install the application. The file has been seen being downloaded from www.baidu.com and multiple other hosts.

File name:

a-zm-180863-v2.exe

Publisher:

易书海 (signed and verified)

MD5:

9f1b695f65e50cabe7fd815a93913e51

SHA-1:

9a98426fb8761a21bc34915239ca98cee5aa1e0e

SHA-256:

9bb4e8f5c36efa1d11743f928374d29c8db56e7e4ed987c1789beb2deb73e783

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 11:25:10 AM UTC (today)

File size:

1.1 MB (1,138,008 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\a-zm-180863-v2.exe

Digital Signature

Signed by:

易书海

Authority:

WoSign CA Limited

Valid from:

5/5/2014 5:12:50 AM

Valid to:

5/6/2015 5:12:50 AM

Subject:

CN=易书海, E=tenmens@163.com, L=萍乡市, S=江西省, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

6AD3D46989A7CCD7B9C6EF3841AF1FB3

File PE Metadata

Compilation timestamp:

8/8/2014 5:49:28 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:ixngPEGROKO8NCNCf3Husqw0bnY4AVoxfzFwqC0utH:ixngsGRO7roJqw0rY4vxfzFwwud

Entry address:

0x19A9F

Entry point:

55, 8B, EC, 6A, FF, 68, D0, 34, 42, 00, 68, 2C, 9C, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 68, 32, 42, 00, 59, 83, 0D, C8, C2, 42, 00, FF, 83, 0D, CC, C2, 42, 00, FF, FF, 15, 6C, 32, 42, 00, 8B, 0D, 88, A2, 42, 00, 89, 08, FF, 15, 70, 32, 42, 00, 8B, 0D, 84, A2, 42, 00, 89, 08, A1, 74, 32, 42, 00, 8B, 00, A3, C4, C2, 42, 00, E8, 1D, 01, 00, 00, 39, 1D, 50, 91, 42, 00, 75, 0C, 68, 28, 9C, 41, 00, FF, 15, 78, 32... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

136 KB (139,264 bytes)

The file a-zm-180863-v2.exe has been seen being distributed by the following 12 URLs.

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn104rjb30Aw-5HDzrjfsPWT0TAq15H6dnWb3PsK15HD3mynsPjcduhNhnhDzn1b0uZfqnHfkPWc1nHb3nfKdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqrHb40AFV5H00TZcqn0KdpyfqnHn4n1DYP6KEpyfqnW6krjb0mv-b5Hn1PHRdnfKEIv3qnWTYrHD0mLFW5Hcknjm3

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn1czPWmL0Aw-5HDYnjndnjR0TAq15Hb1nWnYn0K15yn4nvwhn1u9PHuBnHckP1m0uZfqnHfznjckPWn4rfKdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqPsKBUHYs0ZKz5H00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujY1PWbYnHb0ULI85HcLPjbk0APzm1Ydnj64rf

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkPHfvPHcY0Aw-5HDdrjbYnWf0TAq15HDsnj6dn1f0T1dWuyRkuj7-ry79ujKbuj0z0AwY5HDYnH64rHT1nHf0IgF_5y9YIZ0lQzqWUA_8IgN8Ia4WUvYEUA-8pztkrjfknHnE0ZFb5Hm0mhYqn0KsTWYs0ZNGujYkn1b1nHfv0AqGujYzrjD3rfKWpyfqn1ndPHRk0AqLUWYzP1f4nfKWThnqnWb3ns

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn1czPWmL0Aw-5HDYnjndnjR0TAq15Hb1nWnYn0K15ymkPW9hnHPbuhFbuAwbrjR0uZfqnHfznjc3PW6LPfKdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqPsKBUHYs0ZKz5H00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujY1PWbYnHb0ULI85HcLPjbk0APzm1YYn103nf

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkPHfvPHcY0Aw-5HDdrjbYnWf0TAq15HDsnj6dn1f0T1YvPAD3mHmLnvfvrHRkn1wW0AwY5HDYnH6dnjT1PHn0IgF_5y9YIZ0lQzqWUA_8IgN8Ia4WUvYEUA-8pztkrjfknHnE0ZFb5HT0mhYqn0KsTWYs0ZNGujYkn1b1nHfv0AqGujYzrjD3rfKWpyfqn1ndPHRk0AqLUWYzP1f4nfKWThnqnWmknf

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn104rjb30Aw-5HDvPHTvnjD0TAq15Hb1nWnYr0K15yPhnHwhuW61nW61ujmLPHb0uZfqnHfznHDdnWb4PsKdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqPsKBUHYs0ZKz5H00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujY1PWbYnHb0ULI85HcLPjbk0APzm1YzP1D4nf

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkPHfvPHcY0Aw-5HDdrjbYnWf0TAq15HDsnj6dn1f0T1Y3njb3mycdn1c1PyRzrH6L0AwY5HDYnW01njmzn1m0IgF_5y9YIZ0lQzqWUA_8IgN8Ia4WUvYEUA-8pztkrjfknHnE0ZFb5Hm0mhYqn0KsTWYs0ZNGujYkn1b1nHfv0AqGujYzrjD3rfKWpyfqn1ndPHRk0AqLUWYzP1f4nfKWThnqPjf4rHf

http://dl.nx5.com/packages/ym/.../a-zm-184113-v12.exe

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn104rjb30Aw-5HDzPW63rjc0TAq15H6LPWRLn6K15yFBnjPhuHczPyRLrAnLPhR0uZfqnHfkrHnzrHnLrfKdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqP6KBUHYs0ZKz5H00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujY1PjckPHT0ULI85HcLPjbk0APzm1YzP1bsns

http://d.haoimg.com/.../a-zm-184113-v3.exe

http://clk.uunt.com/link/.../

http://www.baidu.com/cb.php?c=IgF_pyfqnHR1nj0vP160IZ0qnfK9ujYkn104rjb30Aw-5HDzPW63rjc0TAq15H6LPWRLn6K15H9bPvm3uHbkuWw9uW0YnHc0uZfqnHfkn1TLP1mzP6KdThsqpZwYTjCEQvP_pz4dIy4YQhPEUiq_py4oQ1D3PjDknzt0ThfqPsKBUHYs0ZKz5H00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujY1PjckPHT0ULI85HcLPjbk0APzm1Y1njDLr0

Scan a-zm-180863-v2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.