bysever.exe

SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD

The application bysever.exe by SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
快释便压程序  (signed by SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD)

Product:
快释便压程序

Version:
12.12.12.22

MD5:
fb4dc26c2ba7ef131212a3a660eb5c98

SHA-1:
3937fa38492afbe018d8ca4cb0ec741653bca8d2

SHA-256:
43afa33ae4a4386b147491fe3e0523eee9e1f7a463ea949c423e4bb0e982c0d7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/18/2024 12:37:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SHENGJUG (M)

Engine version:
16.7.4.19

File size:
684.8 KB (701,232 bytes)

Product version:
12.12.12.22

Copyright:
2014年程序

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bianya2\201408201743\bysever.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
8/18/2014 11:57:45 AM

Valid to:
8/18/2015 11:57:45 AM

Subject:
CN="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", E=kvzy126@qq.com, O="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
638EE520CBA58047BC1DFA9563FC24F8

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:SQJjpSrG21WpYPnoPI7i0zH6Ahy6gmXu+jTEDV6sRJFO8SO91uYs79abMALrsBn:SQRArnoPIO0zhg6gmXuT/SQ125iZgJ

Entry address:
0x1DEA4F

Entry point:
68, 0F, 27, FD, 6B, E8, 98, D3, 02, 00, 00, 00, 4C, 65, 61, 76, 65, 43, 72, 69, 74, 69, 63, 61, 6C, 53, 65, 63, 74, 69, 6F, 6E, 00, 00, 00, 53, 68, 6F, 77, 4F, 77, 6E, 65, 64, 50, 6F, 70, 75, 70, 73, 00, 00, 00, 57, 69, 6E, 48, 65, 6C, 70, 41, 00, 68, 87, 5A, FD, FB, E8, 8F, F0, 02, 00, B0, 99, 8E, 4F, 0B, 00, 00, 53, 65, 74, 43, 61, 70, 74, 75, 72, 65, 00, 00, 00, 50, 6F, 73, 74, 51, 75, 69, 74, 4D, 65, 73, 73, 61, 67, 65, 00, 00, 00, 41, 63, 74, 69, 76, 61, 74, 65, 4B, 65, 79, 62, 6F, 61, 72, 64, 4C, 61...
Entropy:
7.8818  (probably packed)

Code size:
2.1 MB (2,151,424 bytes)
