home

googlepinyininstaller.exe

Google Pinyin IME

Google Inc

This is a self-extracting archive and installer. The file has been seen being downloaded from dlc2.pconline.com.cn and multiple other hosts.
Publisher:
Google Inc.  (signed by Google Inc)

Product:
Google Pinyin IME

Description:
谷歌拼音输入法安装程序

Version:
2.7.25.128

MD5:
8cb727cea58a127ae955460ccc165a15

SHA-1:
6447a9277445befde4e70217b830285194883f67

SHA-256:
13ddccc8ffc3392d5912c933851803e7ee7eeb126076dcabc4a77c0d99fc3b2c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/5/2024 8:22:42 AM UTC  (today)

File size:
15.7 MB (16,423,240 bytes)

Product version:
2.7.25.128

Copyright:
Copyright (C) 2008

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\googlepinyininstaller.exe

Digital Signature
Signed by:
Google Inc

Authority:
VeriSign, Inc.

Valid from:
1/29/2014 8:00:00 AM

Valid to:
1/30/2016 7:59:59 AM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2912C70C9A2B8A3EF6F6074662D68B8D

File PE Metadata
Compilation timestamp:
6/19/2014 3:43:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:rS/WWzmWnru+51Tp147BPzZsOuoUf92kL:ofNq21w7B1JU1B

Entry address:
0xCA069

Entry point:
E8, AE, 88, 00, 00, E9, 89, FE, FF, FF, E8, 94, 89, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 96, 89, 00, 00, 59, F6, 05, 28, A2, 52, 00, 02, 74, 11, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, 66, F3, FF, FF, 83, C4, 0C, 6A, 03, E8, 06, 1C, 00, 00, CC, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, A1, 28, A2, 52, 00, 8B, 55, 08, 23, 55, 0C, F7, D1, 23, C8, 0B, CA, 89, 0D, 28, A2, 52, 00, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 79, 85, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48...
 
[+]

Entropy:
7.9620  (probably packed)

Code size:
991 KB (1,014,784 bytes)

The file googlepinyininstaller.exe has been seen being distributed by the following 9 URLs.

http://dlc2.pconline.com.cn/filedown_359427_6970536/.../GooglePinyinInstaller.exe

http://w.x.baidu.com/alading/.../13545

http://soft.duote.org/googlepinyinx.exe

http://more.tianjimedia.com/soft/down.jsp?id=420413&f=bing&path=http://dl.google.com/pinyin/.../GooglePinyinInstaller.exe

http://dlsw.baidu.com/sw-search-sp/soft/e0/.../GooglePinyinInstaller.1419846448.exe

http://www.baidu.com/link?url=2dD1v21PW3G0YYMTOLRTkobiS5tkKLeVwnDVNoeidkepaaDwNKBVQYs5GUuvotMrrd3oiwYJBTf2_ahjhAZ2zLHfzuG4WAi9biE7upBGKDO

http://www.baidu.com/link?url=V8loPpYvLMocCE18WG4CoiT-kd4Hebz7o-5fQzLzyq1pNMwoESLBtoK8gO_ePBKFgle-mkohnD4qrBNgzUdn6mjmqT6meQko_aBjcI6mqeO

https://dl.google.com/pinyin/.../GooglePinyinInstaller.exe

http://dl.google.com/pinyin/.../GooglePinyinInstaller.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.