home

hao123_movies_[c=1111]__90027596_o2_hao_.exe

hao123桔子浏览器

Beijing baidu Netcom science and technology co.ltd

The application hao123_movies_[c=1111]__90027596_o2_hao_.exe by Beijing baidu Netcom science and technology co.ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from update.123juzi.net.
Publisher:
123Juzi.COM  (signed by Beijing baidu Netcom science and technology co.ltd)

Product:
hao123桔子浏览器

Version:
1.1.9.8

MD5:
ea47c6dd76a4bbda0dfaa5ca24261d75

SHA-1:
77c7824e7645ce0b3a14c6cfeb47aef3aaaecf88

SHA-256:
a1e6273eb18f2de50f597387f245b667dc210e039ec87fd39727aa4dcfebfe79

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 3:47:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Hao123 (L)
16.7.31.19

File size:
2 MB (2,114,456 bytes)

Product version:
1.1.9.8

Copyright:
Copyright @ 2014 123Juzi.COM. All Rights Reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\hao123_movies_[c=1111]__90027596_o2_hao_.exe

Digital Signature
Signed by:
Beijing baidu Netcom science and technology co.ltd

Authority:
VeriSign, Inc.

Valid from:
2/27/2012 8:00:00 AM

Valid to:
2/27/2015 7:59:59 AM

Subject:
CN=Beijing baidu Netcom science and technology co.ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing baidu Netcom science and technology co.ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56659719569BE07B775A1B2275E2D83A

File PE Metadata
Compilation timestamp:
11/6/2014 3:56:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:/kSLLI+MkRpt4h81k1zzlGmW7ufJ5g2lC:ZLZl4hT4mWO42

Entry address:
0x1C51F

Entry point:
55, 8B, EC, 6A, FF, 68, E0, ED, 41, 00, 68, 46, C3, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E0, E2, 41, 00, 59, 83, 0D, 64, 76, 42, 00, FF, 83, 0D, 68, 76, 42, 00, FF, FF, 15, DC, E2, 41, 00, 8B, 0D, 4C, 72, 42, 00, 89, 08, FF, 15, D8, E2, 41, 00, 8B, 0D, 48, 72, 42, 00, 89, 08, A1, D4, E2, 41, 00, 8B, 00, A3, 60, 76, 42, 00, E8, 57, 01, 00, 00, 39, 1D, 38, 5C, 42, 00, 75, 0C, 68, E2, C6, 41, 00, FF, 15, D0, E2...
 
[+]

Entropy:
7.9480

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
116 KB (118,784 bytes)

The file hao123_movies_[c=1111]__90027596_o2_hao_.exe has been seen being distributed by the following URL.

http://update.123juzi.net/dl.php?edition=hao123_juzi_canal&cid=90027596_o2_hao_&c=1111

Remove hao123_movies_[c=1111]__90027596_o2_hao_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.