home

autoupdate.exe

Beijing Qichuangshidai Technology Co., Ltd.

Publisher:
Beijing Qichuangshidai Technology Co., Ltd.  (signed and verified)

MD5:
1ec7c3216ab92b95e990c899c6dd0a22

SHA-1:
9bfc8fc391d23403d8dc6a4deb2f5c50b58ac71b

SHA-256:
9a2f4e90fbbdb9f7f0879d03d59d6c4cea4d8649c8d4b36c84a9f05eed99d7ce

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/28/2024 7:05:36 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
Suspicious_GEN.F47V0811
7.2.60

File size:
315.4 KB (323,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\meimotuan\autoupdate.exe

Digital Signature
Signed by:
Beijing Qichuangshidai Technology Co., Ltd.

Authority:
WoSign CA Limited

Valid from:
3/20/2014 4:33:30 PM

Valid to:
3/20/2015 4:33:30 PM

Subject:
CN="Beijing Qichuangshidai Technology Co., Ltd.", E=qichuang_keji@yeah.net, O="Beijing Qichuangshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
0E2A14EAF7A0F6F4256ABF3C805C3AF7

File PE Metadata
Compilation timestamp:
5/28/2014 12:22:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:OpHlCMD5FIzfHJNiJS4wif8/ip7+xAdIPUkACYwo3/G30yBte9TezIe:WFCM2LiJS5if8/i7TIPMwoPHH9St

Entry address:
0x19FA2

Entry point:
E8, B5, 9C, 00, 00, E9, 40, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, 2D, 9D, 00, 00, 83, C4, 14, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74...
 
[+]

Entropy:
6.2321

Code size:
184 KB (188,416 bytes)

Scan autoupdate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.