heikegjb_gr_8100003655327033128.exe

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The application heikegjb_gr_8100003655327033128.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. It is a setup program used to install the application. The file is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable executable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from dl.pconline.com.cn.
Publisher:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Product:
downer for windows

Version:
1.3.1.14

MD5:
dda556b14ad5844a3a55c0448de8dcd6

SHA-1:
82dc64ea8226d3af63dc3d5758be38188da4879c

SHA-256:
05f2cb383fc06787bee6463e3116005a8e6003cd0ab597ec95d8e1fe587af51c

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 6:39:05 AM UTC

Scan engine                     Detection                                 Engine version
avast!                          Win32:Parite                              160518-2
AVG                             Win32/Parite                              2015.0.4568
Dr.Web                          Adware.Downware.14102, Win32.Parite.2     9.0.1.05190
Emsisoft Anti-Malware           Win32.Parite                              11.5.0.6191
ESET NOD32                      Win32/Parite.B virus                      8.0.319.0
F-Prot                          W32/Parite.B                              4.6.5.141
Kaspersky                       Virus.Win32.Parite                        15.0.0.562
McAfee                          Virus.Generic Downloader.c                18.0.204.0
Microsoft Security Essentials   Threat.Undefined                          1.223.1964.0
Norman                          Win32.Parite.B                            28.05.2016 15:32:18
VIPRE Antivirus                 Threat.46249                              50170

File size:
1.1 MB (1,204,704 bytes)

Product version:
1.3.1.14

Copyright:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:
downer

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\heikegjb_gr_8100003655327033128.exe

File PE Metadata
Compilation timestamp:
2/16/2016 9:41:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:cPKJecZwWJUySDUX0GBFYO2u1dOmUPx3godBATPge:47SitIX/BmHu1zUPx3godup

Entry address:
0x261000

Entry point:
90, 90, 68, 94, C4, D4, 02, 59, 90, 90, 68, 26, 10, 66, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, 90, 90, 31, 0C, 3A, 90, 90, 83, EA, 02, 83, EA, 02, 90, 75, F2, 90, 90, 90, 7C, B9, D5, 02, 94, C4, D4, 02, 94, C4, 94, 02, 74, 48, F1, 02, C4, 6F, DB, 02, 74, 75, DB, 02, 94, 74, D6, 02, 6B, 3B, 2B, FD, 8C, C1, B2, 02, 88, C2, B2, 02, BE, C2, B2, 02, 94, C4, D4, 02, 94, C4, D4, 02, 94, C4, D4, 02, 8C, 4D, DB, 02, 8E, C2, F2, 02, BC, C2, F2, 02, 94, C4, D4, 02, 94, C4, D4, 02, 94, C4, D4, 02, 94, C4, D4, 02, 94, C4...

Entropy:
7.8946  (probably packed)

Code size:
964 KB (987,136 bytes)

The file heikegjb_gr_8100003655327033128.exe has been seen being distributed by the following URL.
