home

copyfile.exe

Liuzhou Yingteng Software Co.,Ltd.

Publisher:
Liuzhou Yingteng Software Co.,Ltd.  (signed and verified)

MD5:
d31c34c6b8a687653f7ed1b61d8a2a37

SHA-1:
2f1ca31de3945f5f626b70895a20ac5faaff4e1d

SHA-256:
d3b50a449363c51a32f44cb685460572b9c9dc59f69c660e9135aa9a5861a901

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 12:33:34 AM UTC  (today)

File size:
1004.5 KB (1,028,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\zcjsj-xp\copyfile.exe

Digital Signature
Signed by:
Liuzhou Yingteng Software Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
10/23/2013 8:00:00 AM

Valid to:
10/24/2014 7:59:59 AM

Subject:
CN="Liuzhou Yingteng Software Co.,Ltd.", OU=IT dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Liuzhou Yingteng Software Co.,Ltd.", L=Liuzhou, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
016E5FD47112E6365C0BD998A765D8F1

File PE Metadata
Compilation timestamp:
9/22/2011 8:17:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:2l9kgeTOwx/I/X16Dxwdae4s+I9CWmQetEbHKxHX:T6G/k16DxOgKbGHX

Entry address:
0xD9CD8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 98, 85, 4D, 00, E8, F8, D7, F2, FF, A1, E8, 2C, 4E, 00, 8B, 00, E8, 0C, 5D, FD, FF, A1, E8, 2C, 4E, 00, 8B, 00, B2, 01, E8, E6, 7A, FD, FF, 8B, 0D, 78, 2E, 4E, 00, A1, E8, 2C, 4E, 00, 8B, 00, 8B, 15, 34, 81, 4D, 00, E8, FE, 5C, FD, FF, A1, E8, 2C, 4E, 00, 8B, 00, E8, 2A, 5E, FD, FF, E8, 4D, B3, F2, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5881

Developed / compiled with:
Microsoft Visual C++

Code size:
866.5 KB (887,296 bytes)

Scan copyfile.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.