home

hao123_1.1.9.1022_[c=1111]__h2.exe

hao123桔子浏览器

Beijing baidu Netcom science and technology co.ltd

The application hao123_1.1.9.1022_[c=1111]__h2.exe by Beijing baidu Netcom science and technology co.ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from dl.123juzi.net and multiple other hosts.
Publisher:
123Juzi.COM  (signed by Beijing baidu Netcom science and technology co.ltd)

Product:
hao123桔子浏览器

Version:
1.1.9.1022

MD5:
10b60814baeb2466f56b534242fb3019

SHA-1:
5f9b75b42fffed9aa5b316196f3d661be5ea3fb1

SHA-256:
b77ace414c70d5534b1f417fb80de577cc5dcbbdc62cd4f3366db13e72bc25a6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:20:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Hao123 (L)
16.7.31.19

File size:
2 MB (2,114,488 bytes)

Product version:
1.1.9.1022

Copyright:
Copyright @ 2015 123Juzi.COM. All Rights Reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hao123_1.1.9.1022_[c=1111]__h2.exe

Digital Signature
Signed by:
Beijing baidu Netcom science and technology co.ltd

Authority:
VeriSign, Inc.

Valid from:
2/27/2012 8:00:00 AM

Valid to:
2/27/2015 7:59:59 AM

Subject:
CN=Beijing baidu Netcom science and technology co.ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing baidu Netcom science and technology co.ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56659719569BE07B775A1B2275E2D83A

File PE Metadata
Compilation timestamp:
2/5/2015 11:34:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:NT/DPPfKN4/nzTZOcJZttqZ8GrsVW1QlRri+qhMmLG77Q5ZHf6ZpL83:xzbzTocJ1qKGS3RrihMn7iZ/

Entry address:
0x1FCFF

Entry point:
55, 8B, EC, 6A, FF, 68, 60, 1E, 42, 00, 68, EC, FA, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 18, 13, 42, 00, 59, 83, 0D, 24, C1, 42, 00, FF, 83, 0D, 28, C1, 42, 00, FF, FF, 15, 14, 13, 42, 00, 8B, 0D, 14, BD, 42, 00, 89, 08, FF, 15, 10, 13, 42, 00, 8B, 0D, 10, BD, 42, 00, 89, 08, A1, 0C, 13, 42, 00, 8B, 00, A3, 20, C1, 42, 00, E8, 57, 01, 00, 00, 39, 1D, C8, A4, 42, 00, 75, 0C, 68, C2, FE, 41, 00, FF, 15, 08, 13...
 
[+]

Entropy:
7.9450

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
128 KB (131,072 bytes)

The file hao123_1.1.9.1022_[c=1111]__h2.exe has been seen being distributed by the following 4 URLs.

http://dl.123juzi.net/hao123_1.1.9.1022_[c=1111]__99753993_o2_hao_.exe

http://dl.123juzi.net/hao123_1.1.9.1022_[c=1111]__97704245_o2_hao_.exe

http://update.123juzi.net/dl3.php?edition=hao123_juzi_canal&cid=h2&c=1111

http://dl.123juzi.net/hao123_1.1.9.1022_[c=1111]__h2.exe

Remove hao123_1.1.9.1022_[c=1111]__h2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.