guagua_70750000202.exe

GirlShow

金华长风信息技术有限公司

The application guagua_70750000202.exe by 金华长风信息技术有限公司 has been detected as a potentially unwanted program by 29 anti-malware scanners. The file has been seen being downloaded from download.re58.cn.
Publisher:
金华长风信息技术有限公司  (signed and verified)

Product:
GirlShow

Version:
1.1.0.0

MD5:
f951a17f9892add6be51b7f84638defe

SHA-1:
7f75941eea29a912b9dfef396d2b67e61dd94b80

SHA-256:
4ed7fc0722f22524e061b1970ab73ae34855f494f2bfa231f666e15cc6eb617e

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:10:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11455334
919

AVG
Skodna.Bundle_c
2015.0.3397

Bitdefender
Trojan.Generic.11455334
1.0.20.1060

Dr.Web
Adware.PornTool.14
9.0.1.0212

ESET NOD32
Win32/PornTool.GuaGua
8.10182

F-Secure
Trojan.Generic.11455334
11.2014-31-07_5

G Data
Trojan.Generic.11455334
14.7.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.181.12898

Malwarebytes
Trojan.Chad.GS
v2014.07.31.09

McAfee
Artemis!F951A17F9892
5600.7053

MicroWorld eScan
Trojan.Generic.11455334
15.0.0.636

nProtect
Trojan.Generic.11455334
14.07.30.01

VIPRE Antivirus
Trojan.Win32.Generic
31780

ViRobot
Adware.Agent.921448
2011.4.7.4223

File size:
899.9 KB (921,448 bytes)

Product version:
1.1.0.0

Copyright:
Copyright (C) 2013 Jinhua Changfeng

Original file name:
GirlShow.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\guagua_70750000202.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
12/26/2012 1:33:39 PM

Valid to:
12/29/2014 9:59:24 PM

Subject:
E=mingming@17guagua.com, CN=金华长风信息技术有限公司, O=金华长风信息技术有限公司, L=金华市, S=浙江省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
05D9C92A765ECD

File PE Metadata
Compilation timestamp:
3/7/2014 4:02:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:JhJTGfZS6EZj7GyxIQrTdRYbhlSs9hxYNvi+B:MS6EdGyxIQNRYVU4iAA

Entry address:
0x31051

Entry point:
6A, 60, 68, F8, 8E, 45, 00, E8, 73, 08, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 67, F5, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, FC, 02, 45, 00, 8B, 4E, 10, 89, 0D, 90, A7, 46, 00, 8B, 46, 04, A3, 9C, A7, 46, 00, 8B, 56, 08, 89, 15, A0, A7, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 94, A7, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 94, A7, 46, 00, C1, E0, 08, 03, C2, A3, 98, A7, 46, 00, 33, F6, 56, 8B, 3D, 1C, 02, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
7.3066

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
316 KB (323,584 bytes)

The file guagua_70750000202.exe has been seen being distributed by the following URL.

Remove guagua_70750000202.exe - Powered by Reason Core Security