_@fe1b.tmp

Xiaodong Wang

The file _@fe1b.tmp by Xiaodong Wang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
InterHop  (signed by Xiaodong Wang)

Product:
InterHop

Version:
1.0.1.0

MD5:
07be35783f24aca6c6907f947312678d

SHA-1:
82d6d54245dfed9a536bf7fe9183c6757f62ee02

SHA-256:
26829de49299e42612a7c5829fe316e1fa57d22719acdd7e6c33b22ed6db23e4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 10:24:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InterHop (M)

Engine version:
16.9.20.14

File size:
187.7 KB (192,232 bytes)

Product version:
1.0.1.0

Copyright:
InterHop

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\_@fe1b.tmp

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
9/17/2016 5:00:00 PM

Valid to:
8/8/2017 4:59:59 PM

Subject:
CN=Xiaodong Wang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0A4376BB30B80CD104AC42B125DE050A

File PE Metadata
Compilation timestamp:
9/19/2016 11:32:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:oR/cwNIkjNW7dJ5bAsHtjGDdOJcj5uLuFKYsiC3KGcbF+MUHA9jYbVnVjiZXLm8F:oRLBjiJqsYmcNfcYsij2MH9j8VjqaEgk

Entry address:
0x56C4C

Entry point:
E8, 79, 4D, FF, FF, 66, 87, 03, 9C, 68, BC, 4F, 5C, C7, C6, 44, 24, 04, 92, E9, D6, 9D, FF, FF, 00, 00, 50, 61, 74, 68, 52, 65, 6D, 6F, 76, 65, 46, 69, 6C, 65, 53, 70, 65, 63, 57, 00, B0, 2E, 88, 3C, 24, F2, AE, E8, 70, 6F, FF, FF, 9C, 8D, 64, 24, 0C, E8, 32, D8, 00, 00, 9C, 8D, 64, 24, 04, E9, E1, 5B, FF, FF, 00, 00, 43, 6F, 49, 6E, 69, 74, 69, 61, 6C, 69, 7A, 65, 00, E9, 16, AD, FF, FF, 00, 00, 50, 61, 74, 68, 41, 70, 70, 65, 6E, 64, 57, 00, 53, 8E, B2, BE, BB, 64, F8, D1, C9, 68, A9, 34, B9, 44, 2E, 57...
 

Entropy:
7.8208  (probably packed)

Code size:
99.5 KB (101,888 bytes)
