ifoxdaily.exe

Fei Application

Beijing Wenyue Technology Co.,Ltd.

It is set to execute automatically when any user logs in to Windows (through the local user Run registry setting) under the name ‘VDM’.

Publisher:
Beijing Wenyue Technology Co.,Ltd.  (signed and verified)

Product:
Fei Application

Description:
Fei Microsoft Foundation Classes Application

Version:
1, 0, 0, 1

MD5:
34c9e6146c49ba9b35aac5ad3def2c59

SHA-1:
eeb4c7a2c7584c91f50f8b3660ff0f11b0cbb74d

SHA-256:
1f1bd7cadf992def5fee7bd0eb2837d372c90fb771d0d6c04a1c8af5d92cf19d

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/28/2024 2:40:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| F-Prot | W32/SelfStarterInternetTrojan!M | v6.4.7.1.166 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.Cinmus | t3scan.2.2.29 |

File size:
134.8 KB (138,000 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2012

Original file name:
Fei.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\flashfox\ifoxdaily.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/24/2012 8:00:00 AM

Valid to:
9/25/2013 7:59:59 AM

Subject:
CN="Beijing Wenyue Technology Co.,Ltd.", OU=IThelp, O="Beijing Wenyue Technology Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
58FD6DC5B97B2BA3D40A475127EF2DCC

File PE Metadata
Compilation timestamp:
12/29/2012 5:10:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:oODsLbRQ8QZoAUxZrI/sXf2jvn8DuJfUFduP:oCsLlgSI+m8DuJfUFIP

Entry address:
0x14760

Entry point:
55, 8B, EC, 6A, FF, 68, 38, 83, 41, 00, 68, 26, 47, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 64, 75, 41, 00, 59, 83, 0D, 2C, C4, 41, 00, FF, 83, 0D, 30, C4, 41, 00, FF, FF, 15, B0, 75, 41, 00, 8B, 0D, 20, C4, 41, 00, 89, 08, FF, 15, 04, 76, 41, 00, 8B, 0D, 1C, C4, 41, 00, 89, 08, A1, 08, 76, 41, 00, 8B, 00, A3, 28, C4, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, E8, C0, 41, 00, 75, 0C, 68, E8, 48, 41, 00, FF, 15, 0C, 76...
 

Entropy:
5.8551

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
88 KB (90,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VDM

Command:
C:\Program Files\flashfox\ifoxdaily.exe

