home

aiyingyong_pc_v4.4.exe

爱应用PC版

北京新锋艾普网络科技有限公司

This is a setup program which is used to install the application. The file has been seen being downloaded from download.xapcn.com.
Publisher:
xapcn.com  (signed by 北京新锋艾普网络科技有限公司)

Product:
爱应用PC版

Version:
4.8.0.0

MD5:
8cba1ebdefe0325c4a80a29fe8d22106

SHA-1:
fe24d253cd99246abd0796c3f9b35a0abb2370e3

SHA-256:
7da6c9d951c17fd4f39e029c2f5363b7fcb991b852f2d3b303c3c690130b1a70

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 2:37:05 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan.MSIL.EzirizNetReactor
t3scan.1.8.9.0

File size:
13.1 MB (13,710,616 bytes)

Product version:
4.8.0.0

Copyright:
xapcn.com

Original file name:
AiYingYong.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\programs\aiyingyong_pc_v4.4.exe

Digital Signature
Signed by:
北京新锋艾普网络科技有限公司

Authority:
WoSign CA Limited

Valid from:
8/13/2014 1:01:44 PM

Valid to:
10/13/2015 1:01:44 PM

Subject:
CN=北京新锋艾普网络科技有限公司, E=mujianxin@xapcn.com, O=北京新锋艾普网络科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
234F65F880F7DD553F49D36D18A06645

File PE Metadata
Compilation timestamp:
3/26/2015 8:05:09 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:L/crCsczFCIKqnHcbPkedwZ7P4xHAVQFA:L/crvczFCmHleWN6HAcA

Entry address:
0x129A48

Entry point:
E8, 84, 8F, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 30, C9, 5A, 00, 75, 02, F3, C3, E9, AE, 18, 00, 00, 51, C7, 01, B4, E6, 57, 00, E8, EF, 94, 00, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, 4E, 94, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, C9, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B9, 8C, EE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 56, 6A, 04, 6A, 20, E8, 17, 95, 00, 00, 59, 59, 8B, F0, 56, FF, 15, EC, 42, 55, 00, A3, 00, 59, 5B, 00, A3, FC...
 
[+]

Entropy:
7.8563  (probably packed)

Code size:
1.3 MB (1,388,032 bytes)

The file aiyingyong_pc_v4.4.exe has been seen being distributed by the following URL.

http://download.xapcn.com/soft/.../aiyingyong_pc_v4.2.exe

Scan aiyingyong_pc_v4.4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.