icontip3h3.exe

Xiamen xunrui network tech Co.,Ltd

Publisher:
Xiamen xunrui network tech Co.,Ltd  (signed and verified)

Version:
1.0.0.0

MD5:
98e359406ea99403da024df842462da5

SHA-1:
1b275f927bbdee7ac32e16cf603184597f5e3bca

SHA-256:
d422ce88d7ff1e2cca6438fe776be88b5faa16ae4ec345f7815f4aaf50b351f2

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/6/2024 12:34:28 AM UTC  (today)

Scan engine | Detection | Engine version
Kaspersky | Trojan-Downloader.Win32.Refroso | 14.0.0.1404
NANO AntiVirus | Riskware.Win32.Inject.cvcbdu | 0.28.6.62995
Quick Heal | RiskTool.Inject.ga (Not a Virus) | 9.15.14.00
Vba32 AntiVirus | TrojanDownloader.Refroso | 3.12.26.3

File size:
1.8 MB (1,872,880 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/4/2013 7:00:00 AM

Valid to:
7/5/2014 6:59:59 AM

Subject:
CN="Xiamen xunrui network tech Co.,Ltd", OU=技术部, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Xiamen xunrui network tech Co.,Ltd", L=Xiamen, S=Fujian, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2D3A170AF8383DD8B63F60137D97D7E4

File PE Metadata
Compilation timestamp:
10/26/2013 10:59:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:lcThbJX6fJ3xeSSgkM6GiHClph2TzeLG1kWiCy:WFqfWHClbRMy

Entry address:
0x149338

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, B8, 6C, 13, 54, 00, E8, 2E, 16, EC, FF, 8B, 1D, A0, 26, 55, 00, 8B, 03, E8, 89, 90, FC, FF, 6A, 00, 68, DC, 93, 54, 00, 6A, 00, 6A, 00, E8, 81, 49, EC, FF, 50, E8, CF, 4C, EC, FF, 3D, 02, 01, 00, 00, 74, 61, 8B, 0D, 24, 22, 55, 00, 8B, 03, 8B, 15, BC, 03, 54, 00, E8, 71, 90, FC, FF, 8B, 03, 33, D2, E8, 70, AD, FC, FF, 8B, 03, 8B, 80, 78, 01, 00, 00, BA, EC, FF, FF, FF, 52, 50, E8, 20, 58, EC, FF, 8B, 13, 8B, 92, 78, 01, 00, 00, BE, EC, FF, FF, FF, 0D, 80, 00, 00, 00, 50, 56...
 

Entropy:
6.4771

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,342,464 bytes)
