a4862fc1b853f4c1ffe1f10d6f039039.exe

爱思助手 6.0

深圳市为爱普信息技术有限公司

Publisher:

Product:
爱思助手 6.0

Version:
6.1.8.0

MD5:
a4862fc1b853f4c1ffe1f10d6f039039

SHA-1:
0d140eb9da8cb6f4504016bf9f2ab6e80fd88c98

SHA-256:
387ae4a66f5a7b7788faee61a763e26b348c981f7eced3210c253e501502542f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:31:30 AM UTC

File size:
9.3 MB (9,776,496 bytes)

Product version:
6.1.8.0

Copyright:
Copyright (C) 2015

Original file name:
i4Tools.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\a4862fc1b853f4c1ffe1f10d6f039039.exe

Digital Signature

Authority:
GlobalSign nv-sa

Valid from:
2/25/2016 11:20:32 PM

Valid to:
6/20/2016 1:09:33 AM

Subject:
CN=深圳市为爱普信息技术有限公司, OU=IT Dept., O=深圳市为爱普信息技术有限公司, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121489EB7D6639A5B0CB949A9C319C024FE

File PE Metadata

Compilation timestamp:
4/9/2016 9:14:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:8q3JzpGGp7o9OfJBDPvIfbe7sXv3pa+z82:8iJoU7BfPPvIff3pa+z82

Entry address:
0x3A3A40

Entry point:
E8, 66, 05, 00, 00, E9, 1C, FD, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 24, D7, C7, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 24, D7, C7, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 

Entropy:
7.0958

Code size:
4.1 MB (4,349,952 bytes)

The file a4862fc1b853f4c1ffe1f10d6f039039.exe has been seen being distributed by the following URL.
