alicalendar.exe

杭州凤侠网络科技有限公司

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘alirili’.
Publisher:
游侠日历  (signed by 杭州凤侠网络科技有限公司)

Product:
游侠日历

Version:
1.0.0.1

MD5:
52a009bdc6e2ee73799ccb1b5310518e

SHA-1:
3d131a01a569f3d142503273e22155539c40fe6b

SHA-256:
df3315820fb6bda7d66a2a1ec11a50b16cd9fb6966c5bf33e55e710104e0d7a3

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/14/2024 4:23:59 PM UTC  (today)

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.26.3

File size:
783.1 KB (801,864 bytes)

Product version:
1.0.0.1

Copyright:
游侠日历。 All rights reserved.

Original file name:
YXCalendar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ali213\alirili\alicalendar.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
8/14/2013 3:26:25 AM

Valid to:
8/16/2014 6:31:13 AM

Subject:
E=ali213@ali213.net, CN=杭州凤侠网络科技有限公司, O=杭州凤侠网络科技有限公司, L=杭州市, S=浙江省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
1843FA15DAB7BA

File PE Metadata
Compilation timestamp:
6/16/2014 1:38:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:F/WGUX2B3ImojSnIOuNlGm5gn6NsUCEFje5BP:ZWGBB3ImoGnlyFjqP

Entry address:
0x3D14E

Entry point:
E8, 3F, B4, 00, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 50, 03, 49, 00, E8, 10, 0D, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, 3F, CF, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, F6, CF, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, C8, D1, 49, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 23, 43, 00, 00, 59, 89, 7D, FC, 53, E8, 4C, 43, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, D4, D1, 49, 00, 77, 49, 56, 53...
 

Entropy:
6.3784

Code size:
494 KB (505,856 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
alirili

Command:
C:\Program Files\ali213\alirili\alicalendar.exe

