conquer_v6075_p2p.exe

Conquer Online Downloader

TQ Digital Entertainment

The executable conquer_v6075_p2p.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from co-cdn.download.99.com.
Publisher:
TQ Digital Entertainment

Product:
Conquer Online Downloader

Version:
1, 0, 2, 2

MD5:
e913fb060070741ff5e5ca2d60033635

SHA-1:
808f8877c40a9c906c2fafdf1863dfbae8a0c0f2

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/24/2024 5:49:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Agent.1138176.11 | 8.3.1.6 |
| Dr.Web | Trojan.DownLoader11.64449 | 9.0.1.0165 |
| Fortinet FortiGate | PossibleThreat.SB!tr.dldr | 6/14/2015 |
| IKARUS anti.virus | Trojan.Agent | t3scan.1.9.5.0 |
| McAfee | Artemis!E913FB060070 | 5600.6734 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dquknb | 0.30.24.2086 |
| SUPERAntiSpyware | Trojan.Agent/Generic | 9814 |
| Trend Micro House Call | Suspicious_GEN.F47V0528 | 7.2.165 |

File size:
1.1 MB (1,138,176 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2010

Original file name:
Downloader.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\conquer_v6075_p2p.exe

File PE Metadata
Compilation timestamp:
10/11/2014 9:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:ZY2pSjUmFiCbp1RD1zE8auFv6oA9eU5qKx4:RzmFiC3RRzPawOfqKS

Entry address:
0x694D3

Entry point:
E8, 01, 1C, 01, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A0, C4, 4B, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A0, C4, 4B, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 

Entropy:
7.0224

Code size:
616 KB (630,784 bytes)

Windows Firewall Allowed Program
Name:
C:\Documents and Settings\sa1000\My Documents\Downloads\Conquer_v6075_P2P.exe


The file conquer_v6075_p2p.exe has been seen being distributed by the following URL.
