droid4xinstaller_0.5.1.exe

Haiyu Dongxiang Co.,Ltd.

The executable droid4xinstaller_0.5.1.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fr.softoware.net.
Publisher:
Haiyu Dongxiang Co.,Ltd.  (signed and verified)

MD5:
9705ac670792869172ff41ee5aff525a

SHA-1:
60d7c791dfef6a12fc115b1f4741af06f2a9e1fd

SHA-256:
40f69f47248bd02da3afb7c120d611e7a5e6886cb7b1584356be926b15f62970

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/15/2024 9:35:51 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mabezat [Wrm] | 160518-2 |
| AVG | Win32/Mabezat | 2015.0.4568 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 9.0.0.4157 |
| ESET NOD32 | Win32/Mabezat.A virus | 8.0.319.0 |
| F-Prot | W32/Mabezat.A-2 | 4.6.5.141 |
| F-Secure | Win32.Worm.Mabezat.Gen | 5.15.96 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2192.0 |
| Norman | Win32.Worm.Mabezat.Gen | 19.05.2016 01:04:49 |

File size:
2.5 MB (2,591,855 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\pc\mes documents\downloads\droid4xinstaller_0.5.1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2014 12:00:00 AM

Valid to:
7/25/2015 11:59:59 PM

Subject:
CN="Haiyu Dongxiang Co.,Ltd.", OU=IT, O="Haiyu Dongxiang Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BEE13AA16F8DA317BCBE1BDD3D1F804

File PE Metadata
Compilation timestamp:
11/7/2014 12:50:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:Ner1MycJLfGEjPVIMbE+hiS+EYhyBi7Op0n5RMRWqEBkQXzDhgvKVqxTAlvMmD+v:iq5JCSmLVSihyQeWrBkKViAlvMmD+v

Entry address:
0x8FC96

Entry point:
BB, 55, D2, EA, 18, 93, E9, 20, 01, 00, 00, AE, 54, B7, B3, 5F, E3, B7, B3, 37, 2C, 5B, 37, 37, B7, 37, 37, B9, 37, 37, 37, 96, 68, 6D, 68, 67, 68, 70, 6E, 6D, 37, 37, 37, AB, 98, B1, 9C, 99, 98, A4, 98, 65, 9B, A3, A3, 37, 37, 37, 37, 93, 37, 37, 37, 7D, A9, 9C, 9C, 83, A0, 99, A9, 98, A9, B0, 37, 7A, A9, 9C, 98, AB, 9C, 7B, A0, A9, 9C, 9A, AB, A6, A9, B0, 78, 37, 37, 37, 37, 7E, 9C, AB, 8E, A0, A5, 9B, A6, AE, AA, 7B, A0, A9, 9C, 9A, AB, A6, A9, B0, 78, 37, 37, 37, 37, 7E, 9C, AB, 84, A6, 9B, AC, A3, 9C...
 

Code size:
701 KB (717,824 bytes)

The file droid4xinstaller_0.5.1.exe has been seen being distributed by the following URL.
