daocaoren3.0.exe

稻草人便民工具

Yantai ZhengHao Network Technology Co.,Ltd.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘DaoCaoRen’.

Publisher:
稻草人 (signed by Yantai ZhengHao Network Technology Co.,Ltd.)

Product:
稻草人便民工具

Version:
3.0.0.1062

MD5:
18492bdf696c550b81ecc30d17b7336c

SHA-1:
84f86509be69a14790f782d9a1663717aadfa71d

SHA-256:
e153d33b4607344a26ca82fbe9015e188a9310e87d700c1bab4f9d87e4bb14fd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 7:12:49 PM UTC

File size:
615.6 KB (630,344 bytes)

Product version:
3.0.0.1062

Copyright:
稻草人www.daocaoren.cn

Original file name:
Utility.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\daocaoren\daocaoren3.0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/14/2012 3:00:00 AM

Valid to:
6/15/2013 2:59:59 AM

Subject:
CN="Yantai ZhengHao Network Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Yantai ZhengHao Network Technology Co.,Ltd.", L=Yantai, S=Shandong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0F3D33D10E94C4017C0417C354E3620E

File PE Metadata
Compilation timestamp:
4/7/2013 4:51:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:0Es+8m+2eiRcdBmfvyTJYiFusmvx7QuNE7qqzXdYow/bPIoxncyzFzOgwsnoY7kG:0Es+fg5dMfq9Yi4Dx7Qiq7SAQc6HnD

Entry address:
0x392DE

Entry point:
6A, 60, 68, 68, 92, 46, 00, E8, 1E, 09, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 0A, DA, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 58, E3, 45, 00, 8B, 4E, 10, 89, 0D, 6C, A8, 47, 00, 8B, 46, 04, A3, 78, A8, 47, 00, 8B, 56, 08, 89, 15, 7C, A8, 47, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 70, A8, 47, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 70, A8, 47, 00, C1, E0, 08, 03, C2, A3, 74, A8, 47, 00, 33, F6, 56, 8B, 3D, 14, E3, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...

Entropy:
6.4677

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
372 KB (380,928 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DaoCaoRen

Command:
"C:\Program Files\daocaoren\daocaoren3.0.exe" \s


Scan daocaoren3.0.exe - Powered by Reason Core Security