home

godrun.exe

Zhenjiang Xinqu Guangcaixingchen Information Technology Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Universal Calendar’.
Publisher:
万能日历   (signed by Zhenjiang Xinqu Guangcaixingchen Information Technology Co., Ltd)

Product:
万能日历

Description:
Calendar Run

Version:
1.1.0

MD5:
343b6c4f702fce147be0046523f210a0

SHA-1:
971706a44d1c5245dd1f30614b84cd69fbb48126

SHA-256:
613d012b11933edd67014505efd29ae78c9713a045b63e4fb87fc16250113d9b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
1/10/2025 7:12:26 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan-Dropper.Win32.Dapato
t3scan.1.9.5.0

File size:
506.4 KB (518,504 bytes)

Product version:
1.10

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\calendar\godrun.exe

Digital Signature
Signed by:
Zhenjiang Xinqu Guangcaixingchen Information Technology Co., Ltd

Authority:
WoSign eCommerce Services Limited

Valid from:
10/12/2013 10:47:14 AM

Valid to:
10/14/2014 5:59:22 AM

Subject:
E=masterwannen@sina.com, CN="Zhenjiang Xinqu Guangcaixingchen Information Technology Co., Ltd", O="Zhenjiang Xinqu Guangcaixingchen Information Technology Co., Ltd", L=Zhenjiang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
11FE5B39872580

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:WLdfgr6UcuR1HcE3z/LrIJCC9X6QlbC4a62hIR1K2g2pXdYxE3sD+tXfi/G2eSP5:edfaxcuRuETclDa5hIRdPdCrEfi39x

Entry address:
0x56DF0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 40, 6C, 45, 00, E8, 44, F4, FA, FF, A1, E8, 8B, 45, 00, 8B, 00, E8, 24, 71, FF, FF, 8B, 0D, C4, 8C, 45, 00, A1, E8, 8B, 45, 00, 8B, 00, 8B, 15, 58, 65, 45, 00, E8, 24, 71, FF, FF, A1, E8, 8B, 45, 00, 8B, 00, E8, 98, 71, FF, FF, E8, 7B, D4, FA, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5173

Developed / compiled with:
Microsoft Visual C++

Code size:
344 KB (352,256 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Universal Calendar

Command:
"C:\Program Files\calendar\godrun.exe" \autostart


Scan godrun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.