hao123saudi.exe

hao123 Desktop Shortcut

The application hao123saudi.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from sa.hao123.com.
Product:
hao123 Desktop Shortcut

Version:
1.0.0.1108

MD5:
7ff38fba571b617e0c7932b6d39cb6ce

SHA-1:
5ea68504e82077ca6ce1aba1b5a9f3cf942c6ec0

SHA-256:
05487c8e58974d4f99f9e882a1feb04b3e753301947f3544e3d9ea4f6534d19d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:50:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Hao123 (M)
16.8.3.0

File size:
667.8 KB (683,864 bytes)

Product version:
1.0.0.1108

Copyright:
(C) 2011 Baidu.com。All Rights Reserved.

Original file name:
Hao123DeskSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:NmqnGjHgXTV/Jvt7VcqQxz7zgo/1PzMxD5SGv4ySfskqPQasZ62ESxZ:NmqnGjkTV/JvtAxUq1bMxD8GvbkqPQJz

Entry address:
0x354B

Entry point:
8B, EF, 0F, B7, CA, 31, CA, 03, FD, F7, C2, 6C, 33, D5, 7C, FF, C2, 21, CF, 69, FB, 70, E6, C4, 17, 81, FE, 08, BF, 00, 00, 71, 07, 09, CA, 35, D5, CB, 0D, 1D, F7, C3, E1, E5, 73, C6, 80, FD, 8A, 86, D8, E8, 5F, 00, 00, 00, 89, F3, 0D, 2E, 01, A5, 50, 87, FB, 84, F9, 4E, 48, EB, 09, FE, CD, FF, CD, 35, 23, 58, 47, 73, BA, 3B, 03, 08, 00, 8A, C1, 4E, 81, EA, C2, F7, 07, 00, 14, 40, 0F, BE, E9, 04, AE, 3C, 79, 81, E0, F7, 11, 86, 45, 4F, 81, EA, 6C, 07, 00, 00, 80, C3, C8, 80, E8, 30, 81, C2, 6B, 07, 00, 00...
 
[+]

Entropy:
7.9382  (probably packed)

Code size:
25 KB (25,600 bytes)

The file hao123saudi.exe has been seen being distributed by the following URL.

Remove hao123saudi.exe - Powered by Reason Core Security