» foxit phantom64-bit 2.2.4.0225_3@51873.exe
Overview
Analysis
File Details
Downloads (1)

foxit phantom64-bit 2.2.4.0225_3@51873.exe

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The application foxit phantom64-bit 2.2.4.0225_3@51873.exe by Riyue Tongxing Information Technology (Beijing) Co.,Ltd has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.onlinedown.net.

File name:

Publisher:

Riyue Tongxing Information Technology (Beijing) Co.,Ltd. (signed and verified)

Product:

downer for windows

Version:

1.2.11.27

MD5:

711031b5d5d7de8fbaa93ab098f097e3

SHA-1:

5b0e9406aaa4648ae62bc2a54467de52d69f5983

SHA-256:

3e29616c689c9c0f72d7e25125b47ea41cf943970ef2304c53a2454063cc46bd

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 7:26:19 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.2895

Baidu Antivirus

PUA.Win32.Gaofenquming

4.0.3.151215

ESET NOD32

Win32/Gaofenquming.B potentially unwanted (variant)

9.12719

McAfee

Artemis!711031B5D5D7

5600.6551

VIPRE Antivirus

Trojan.Win32.Generic

45826

ViRobot

Adware.Agent.2738280[h]

2014.3.20.0

File size:

2.6 MB (2,738,280 bytes)

Product version:

1.2.11.27

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:

downer

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\downloads\foxit phantom64-bit 2.2.4.0225_3@51873.exe

Digital Signature

Signed by:

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Authority:

WoSign CA Limited

Valid from:

11/2/2015 3:48:13 AM

Valid to:

11/2/2016 4:48:13 AM

Subject:

CN="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", O="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

55950E596B6D1EB045BBED7DEE696932

File PE Metadata

Compilation timestamp:

11/26/2015 10:32:22 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:k4eI0PZcZAjH2YW4KIBLH0yq3f57g8TJYwNq7WtSDO+nS54IDqdu:SaAG4KIBL0XS89m7oSo5Adu

Entry address:

0x78D740

Entry point:

60, BE, 00, B0, 8F, 00, 8D, BE, 00, 60, B0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

7.9086

Packer / compiler:

UPX 2.90LZMA

Code size:

2.6 MB (2,699,264 bytes)

The file foxit phantom64-bit 2.2.4.0225_3@51873.exe has been seen being distributed by the following URL.

http://www.onlinedown.net/.../index3.php?ver=1&name=Foxit Phantom64-bit 2.2.4.0225&id=51873&token=660baa73b9f7476a1a1f6eb1cdf4fc03

Remove foxit phantom64-bit 2.2.4.0225_3@51873.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.