ifeng.exe

Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd

It is set to execute automatically when any user logs into Windows, through an all-users Run registry entry (under HKLM) named ‘IFeng’.
MD5:
2ad0d5eb40356f5ab207c3378a28edd7

SHA-1:
baea95c84a490da4f835620478d35bd0d9ab893d

SHA-256:
d064f4ea98b27baab15e5cd9cea4c9c5b8849c754c0d85baac0a2503ce2d1704

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 5:52:45 PM UTC

File size:
384.6 KB (393,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ifeng\ifeng.exe

Digital Signature
Authority:
Entrust, Inc.

Valid from:
11/26/2013 10:30:03 AM

Valid to:
11/27/2014 2:05:48 AM

Subject:
CN="Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd", O="Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd", L=Beijing, C=CN

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C17610E

File PE Metadata
Compilation timestamp:
11/29/2013 11:04:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:lloalekczmNx7+QyM3Fssvya4gZSo9Iwf75QRbses3MP4W:cwfIses4

Entry address:
0x37F29

Entry point:
E8, DA, 03, 00, 00, E9, 37, FD, FF, FF, CC, FF, 25, 8C, D3, 43, 00, CC, CC, 68, 95, 7F, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, 90, 44, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, B6, 79...
 

Entropy:
6.7532

Code size:
237 KB (242,688 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IFeng

Command:
C:\Program Files\ifeng\ifeng.exe

