elb.exe

tc_elm

SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD

The executable elb.exe has been detected as malware by 1 anti-virus scanner.

Publisher:
tc_elm team (signed by SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD)

Product:
tc_elm

Version:
1.15.1205.1

MD5:
61f49b1717c2596b0e539d5a8bab49aa

SHA-1:
7e14d30f40daadc5f45aa947fe9e9fed6ff48bbf

SHA-256:
ec95c5ccb0c661a9a214175838a8f1eaafea16dd6fa3aa23204c19188c589aa5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/18/2024 9:31:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.10.18.2

File size:
599 KB (613,328 bytes)

Product version:
1.15.1205.1

Copyright:
Copyright (C) 2015

Original file name:
tc_elm.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\Program Files\elb_201512081655\201512081655\elb.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
5/5/2015 10:47:23 AM

Valid to:
6/5/2016 11:47:23 AM

Subject:
CN="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", O="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
153E5FD641E989DBE701EE17BA3579EE

File PE Metadata
Compilation timestamp:
12/5/2015 9:56:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:fCBqqBdd5Lu6FwRCLNyrbFN54/jLTCRNvhqd:fCBqqBdd5LfKRiIrbFN54/jCRBhu

Entry address:
0x44FB6

Entry point:
E8, 18, 05, 00, 00, E9, 6B, FD, FF, FF, FF, 25, E0, 45, 45, 00, FF, 25, E4, 45, 45, 00, FF, 25, 2C, 45, 45, 00, FF, 25, 28, 45, 45, 00, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 83, 3D, 48, CF, 47, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 48, CF, 47, 00, 00, 74, 11, 83...
 

Code size:
328.5 KB (336,384 bytes)
