cycs_y_3dmcy_0531.exe

赤月传说Ⅱ Lander

上海冰狗网络科技有限公司

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.baidu.com and multiple other hosts.
Publisher:
上海冰狗网络科技有限公司  (signed and verified)

Product:
赤月传说Ⅱ Lander

Description:
赤月传说Ⅱ微端

Version:
1.0.0.2

MD5:
3ce6fe4cb172fdf289ca4c03949efb88

SHA-1:
8991cdf118bd411464e8d0ee0e114423d4d672bb

SHA-256:
7d1cca0662f936ff9743e14b9d56603aa557680faaa7858482403129fdacf628

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 12:24:51 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/RiskWare.LTLogger.A application

Engine version:
8.0.319.0

File size:
1.6 MB (1,682,184 bytes)

Product version:
1.0.0.2

Copyright:
Copyright (C) 2016

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\cycs_y_3dmcy_0531.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/23/2016 1:17:49 PM

Valid to:
3/23/2017 1:17:49 PM

Subject:
CN=上海冰狗网络科技有限公司, O=上海冰狗网络科技有限公司, L=上海市, S=上海市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
43179C2BD0FAF2759B1C98FA5B6041C0

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:sNepXFYsewStQcjWMKdZqTx0I4WZvOulRyQuKmu:nFYRwIj7x14WZ9lMQuL

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9954

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cycs_y_3dmcy_0531.exe has been seen being distributed by the following 23 URLs.

