home

calendar.exe

新月日历

Riyue peer information technology (Beijing) Co., Ltd

The application calendar.exe by Riyue peer information technology (Beijing) Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘nCalendar’.
Publisher:
日月同行信息技术(北京)有限公司  (signed by Riyue peer information technology (Beijing) Co., Ltd)

Product:
新月日历

Description:
日历主程序

Version:
1, 1, 5, 18

MD5:
de084194fe87b63682006fa5bc961e22

SHA-1:
373a22ba87425450fbcab15c5c38968709a7badf

SHA-256:
5f78994c53e7627b4a6fc736e14a5b18f4770018ad42320d48aeaecabee65124

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:55:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Riyuepee (M)
16.6.30.3

File size:
1.8 MB (1,938,296 bytes)

Product version:
1, 1, 5, 18

Copyright:
(C) Riyue peer information technology (Beijing) Co., Ltd

Original file name:
calendar.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Riyue peer information technology (Beijing) Co., Ltd

Authority:
Thawte, Inc.

Valid from:
2/2/2015 8:00:00 AM

Valid to:
4/3/2016 7:59:59 AM

Subject:
CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6FFBC290FCCD68D68A5AAB6BB6E783D4

File PE Metadata
Compilation timestamp:
8/4/2015 9:59:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Cr/qKRnQbzQnUcP9mwatiwFCIwjNrcC4QlXrpYO9PmPvEJiPUqCSxnjcnprBLs:cObzINP9mwa3Ea/2YO9eXbCSxn4Ps

Entry address:
0x490FF

Entry point:
E8, 94, 3C, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 59, 33, C0, 8D, 7D, E4, F3, AB, 5F, 85, F6, 75, 15, E8, F3, 31, 00, 00, C7, 00, 16, 00, 00, 00, E8, 06, 50, 00, 00, 83, C8, FF, C9, C3, 39, 45, 0C, 74, E6, 56, E8, 0B, 08, 00, 00, 59, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89, 45, E4, FF, 75, 14, 8D, 45, E0, FF, 75, 10, FF, 75, 0C, 50, FF, 55, 08, 83, C4, 10, C9, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75...
 
[+]

Entropy:
7.5066

Code size:
470 KB (481,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nCalendar

Command:
"C:\calendar.exe" -autostart


Remove calendar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.