home

CoLine.exe

CoLine 2014

KongZhong(China) Co.,Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘CoLine’.
Publisher:
通软联合  (signed by KongZhong(China) Co.,Ltd)

Product:
CoLine 2014

Description:
CoLine

Version:
0.9.0.0

MD5:
7ae39c2b0211c5aab015de42a8062d91

SHA-1:
dec1b1dda08c3510ecc22d7370285e2645b39ded

SHA-256:
58e7efac780b18ce0ee3b24429f85f22e6c193ac5a72cc91375836064797ee85

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/30/2024 7:22:44 PM UTC  (today)

File size:
471.1 KB (482,416 bytes)

Product version:
5.0.0.0

Copyright:
Copyright (C) 2011

Original file name:
CoLine.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\fang\coline\coline.exe

Digital Signature
Signed by:
KongZhong(China) Co.,Ltd

Authority:
Thawte, Inc.

Valid from:
9/9/2013 7:00:00 AM

Valid to:
9/10/2015 6:59:59 AM

Subject:
CN="KongZhong(China) Co.,Ltd", OU=Technology and Operations maintenance center, O="KongZhong(China) Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6DE28858D0E20FE2D27A39ED9F6187BA

File PE Metadata
Compilation timestamp:
12/5/2014 2:42:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WePNIRiBc717/nxXs4afAzUhO8/gkw6wXJ83ZrrTP8vdk84:WdABc717/xvafxR/gb6aIrrAvdw

Entry address:
0x1AFE6

Entry point:
E9, C5, DA, 02, 00, E9, A0, 51, 02, 00, E9, 99, D0, 02, 00, E9, 36, 43, 02, 00, E9, B1, D6, 00, 00, E9, AA, F9, 02, 00, E9, D7, 10, 02, 00, E9, E2, 5A, 01, 00, E9, 93, D1, 02, 00, E9, 38, 2B, 02, 00, E9, 13, 34, 01, 00, E9, EE, 6B, 01, 00, E9, 6B, DF, 02, 00, E9, FA, F9, 02, 00, E9, 6B, E0, 02, 00, E9, EC, DF, 02, 00, E9, EB, CE, 02, 00, E9, 70, C6, 01, 00, E9, 2B, 80, 01, 00, E9, 26, BD, 02, 00, E9, DD, CE, 02, 00, E9, 5C, 50, 01, 00, E9, 49, CE, 02, 00, E9, 14, D4, 02, 00, E9, FD, D8, 01, 00, E9, 58, 77...
 
[+]

Entropy:
5.5957

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
218 KB (223,232 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CoLine

Command:
C:\Program Files\fang\coline\coline.exe


Scan CoLine.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.