f_00022c

飞云日历

上海快屏网络科技有限公司

The file f_00022c by 上海快屏网络科技有限公司 has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from down.job391.com and multiple other hosts.
Publisher:
快屏网络科技有限公司  (signed by 上海快屏网络科技有限公司)

Product:
飞云日历

Description:
飞云日历安装程序

Version:
V1.0

MD5:
75bcaa7f6a9df783b6d25ef3b880a503

SHA-1:
2cea3715d71ad3835dfe7f1426198c1a442b7d72

SHA-256:
8e3ccc024cd42dbe2cb2b0b309a3b76979f2b9201d9882d7544494cd18fdd249

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:17:56 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Trojan.691128
0.98/21511

Fortinet FortiGate
W32/Generic.AC.18053
5/12/2015

Kaspersky
HEUR:Trojan.Win32.Invader
14.0.0.2051

McAfee
Artemis!75BCAA7F6A9D
5600.6767

NANO AntiVirus
Riskware.Win32.ShouQu.dmnfjx
0.30.24.1357

Trend Micro House Call
Suspicious_GEN.F47V0509
7.2.132

Vba32 AntiVirus
Malware-Cryptor.Inject.gen
3.12.26.3

File size:
2.9 MB (3,002,440 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015快屏网络

Trademarks:
快屏网络

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_00022c

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/14/2014 8:00:00 AM

Valid to:
1/15/2016 7:59:59 AM

Subject:
CN=上海快屏网络科技有限公司, OU=快屏项目部, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=上海快屏网络科技有限公司, L=上海, S=上海, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05A564A97D832D72A2E1F00E7A2A889C

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:SGIpLfWhCL3zka1V5b9nn8Stp9HCp97UvVoQ6uxRzEla78PVK2:SGIpnLDka1zySxCp9RQZR+Q2

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...
 
[+]

Entropy:
7.9985

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file f_00022c has been seen being distributed by the following 4 URLs.

Remove f_00022c - Powered by Reason Core Security