ifeng.exe

Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IFeng’.
MD5:
539cb291b976520638b08d9b8f12a75b

SHA-1:
ff41de72b4de17ebbcf7d62f9dff3b9c2409fffc

SHA-256:
db5f1b0066b6467a800428d8fcce3579336a5c355aa562838c6750849109d15e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 5:56:49 PM UTC  (today)

File size:
415.1 KB (425,096 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ifeng\ifeng.exe

Digital Signature
Authority:
Entrust, Inc.

Valid from:
11/25/2013 9:30:03 PM

Valid to:
11/26/2014 1:05:48 PM

Subject:
CN="Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd", O="Beijing Tian Ying Jiu Zhou Network Technology Co.,Ltd", L=Beijing, C=CN

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C17610E

File PE Metadata
Compilation timestamp:
6/11/2014 9:00:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:hobbAwvkiZ+aNIrX3mjIHFFUTdHe1dHdaVQWpmnB9UQg4OvNOVidxIoMP4xRn:iueVQWpmnB9aVAifn

Entry address:
0x3AF79

Entry point:
E8, DA, 03, 00, 00, E9, 37, FD, FF, FF, CC, FF, 25, C0, 13, 44, 00, CC, CC, 68, E5, AF, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, E0, 44, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 06, AA...
 
[+]

Entropy:
6.7568

Code size:
252.5 KB (258,560 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IFeng

Command:
C:\Program Files\ifeng\ifeng.exe


Scan ifeng.exe - Powered by Reason Core Security