gi0fkgbajyoaqzwxmc40iiowm8n3igi0fkgbajyoaqzwxmc40iiowm8n3i_a10.exe

Yu Bao

The executable gi0fkgbajyoaqzwxmc40iiowm8n3igi0fkgbajyoaqzwxmc40iiowm8n3i_a10.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Yu Bao  (signed and verified)

MD5:
2bb7bfa4a7169f63b805f3cf9b49ba91

SHA-1:
b175af3566acf08387e3ef727c63c576d4155d5e

SHA-256:
09399f8ac1c37870298aaac3054dda08aedb1d38f78c6a4885fcb7152489a4a6

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 1:06:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.10.4

File size:
1.4 MB (1,480,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gi0fkgbajyoaqzwxmc40iiowm8n3igi0fkgbajyoaqzwxmc40iiowm8n3i_a10.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/20/2015 10:00:00 PM

Valid to:
10/20/2016 9:59:59 PM

Subject:
CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
17C6AE891D357C16ADC447794EA40FC5

File PE Metadata
Compilation timestamp:
11/20/2015 8:20:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:dBt5Z4vAxLi5M3hOuCIU1TAFE7ef41ofFKodI+oeuGkp7Cgcixy25y2:HDNm5MxpCPEduDvp7Caxy25y2

Entry address:
0xB0453

Entry point:
00, 8B, 4D, 0C, 89, 01, 33, C0, 40, E9, B0, 00, 00, 00, 83, 65, C8, 00, C7, 45, CC, A1, 0E, 4B, 00, A1, 60, 28, 55, 00, 8D, 4D, C8, 33, C1, 89, 45, D0, 8B, 45, 18, 89, 45, D4, 8B, 45, 0C, 89, 45, D8, 8B, 45, 1C, 89, 45, DC, 8B, 45, 20, 89, 45, E0, 83, 65, E4, 00, 83, 65, E8, 00, 83, 65, EC, 00, 89, 65, E4, 89, 6D, E8, 64, A1, 00, 00, 00, 00, 89, 45, C8, 8D, 45, C8, 64, A3, 00, 00, 00, 00, C7, 45, FC, 01, 00, 00, 00, 8B, 45, 08, 89, 45, F0, 8B, 45, 10, 89, 45, F4, E8, 0B, 70, 00, 00, 8B, 80, 80, 00, 00, 00...
 

Code size:
1 MB (1,077,248 bytes)