ch_dl_url

BaiduBarSetup 应用程序 (BaiduBarSetup application)

Publisher:
BeiJing Baidu Netcom Science Technology Co., Ltd

Product:
BaiduBarSetup 应用程序 (BaiduBarSetup application)

Version:
2.5.0.1

MD5:
1846bc1a8d6a5c6106c9a1185032a60a

SHA-1:
b7f078edc26e2f70492833a5b819cbb1cdf31925

SHA-256:
86f8cbfbe8a246785228ae7f7796a7089154b86073ee15da75e45d6e18c4a503

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 6:50:04 AM UTC

File size:
3.9 MB (4,127,064 bytes)

Product version:
2.5.0.1

Copyright:
Copyright (C) 2015

Original file name:
BaiduBarSetup.exe

Common path:
C:\users\{user}\appdata\local\temp\ch_dl_url

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/5/2015 8:00:00 AM

Valid to:
2/7/2016 7:59:59 AM

Subject:
CN="BeiJing Baidu Netcom Science Technology Co., Ltd", OU=Engineering Excellence, O="BeiJing Baidu Netcom Science Technology Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07BB7E6586C7D00D361700E4139FE772

File PE Metadata
Compilation timestamp:
11/2/2015 10:44:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:GqSSH7aDzp/7hPBpkWNWoRNca8bL/bmBRYfYz20:Gq3bax7hJ2WZoOBhj

Entry address:
0x2D51

Entry point:
E8, 50, 2C, 00, 00, E9, 40, FE, FF, FF, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, 84, E0, 40, 00, 8B, 45, F8, 8B, 4D, FC, 6A, 00, 05, 00, 80, C1, 2A, 68, 80, 96, 98, 00, 81, D1, 21, 4E, 62, FE, 51, 50, E8, B7, 2C, 00, 00, 8B, 4D, 08, 85, C9, 74, 05, 89, 01, 89, 51, 04, C9, C3, E8, FD, 0D, 00, 00, 8B, 4C, 24, 04, 89, 48, 14, C3, E8, F0, 0D, 00, 00, 8B, 48, 14, 69, C9, FD, 43, 03, 00, 81, C1, C3, 9E, 26, 00, 89, 48, 14, 8B, C1, C1, E8, 10, 25, FF, 7F, 00, 00, C3, 6A, 0C, 68, 90, 00, 41, 00, E8, D6, 29, 00...
 

Entropy:
7.8116  (probably packed)

Code size:
52 KB (53,248 bytes)

The file ch_dl_url has been seen being distributed by the following 2 URLs.
