è¿…é›·7_1@21754.exe

downer for windows

Riyue peer information technology (Beijing) Co., Ltd

The application è¿…é›·7_1@21754.exe by Riyue peer information technology (Beijing) Co. has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dlc2.pconline.com.cn and multiple other hosts.
Publisher:

Product:
downer for windows

Version:
1.2.0.0

MD5:
bf5b2e8ebe3911a1d7443350eb366118

SHA-1:
623c5944ee2caf16f2db319a0892bface6a182ac

SHA-256:
30be76d8383e1cb4756fbb8a7a914a9b900413f5bfafe5fb20c7335adf3c5473

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:30:21 PM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Hoax.Win32.ArchSMS
t3scan.1.8.5.0

Reason Heuristics
PUP.RiyuepeerinformationtechnologyBeijingCo (M)
15.11.27.23

Trend Micro House Call
Suspicious_GEN.F47V0101
7.2.7

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
979 KB (1,002,496 bytes)

Product version:
1.2.0.0

Copyright:
Riyue peer information technology (Beijing) Co., Ltd

Original file name:
downer

File type:
Executable application (Win32 EXE)

Language:
Çince (Basitlestirilmis, Çin)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/20/2014 2:00:00 AM

Valid to:
2/21/2015 1:59:59 AM

Subject:
CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EF67E737811F4602210D3F817327CE7

File PE Metadata
Compilation timestamp:
12/29/2014 2:01:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:J+xy3b2yLOoI8gT3htNXxKXDfmfMqTaRnxdB:3XOoLmhtNXxKX6fhTaRnxdB

Entry address:
0x244E80

Entry point:
60, BE, 00, 90, 55, 00, 8D, BE, 00, 80, EA, FF, C7, 87, F8, 69, 17, 00, 70, 03, C8, 74, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Entropy:
7.8671

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
948 KB (970,752 bytes)

The file è¿…é›·7_1@21754.exe has been seen being distributed by the following 5 URLs.

http://dlc2.pconline.com.cn/filedown3_51240_16956141/.../QvodSetupPlus5_5100000512406956141.exe

Remove è¿…é›·7_1@21754.exe - Powered by Reason Core Security