home

jf0620_jzwl.exe

页游登陆器

Shanghai Guangbiao Information Technology Co.,Ltd.

Publisher:
上海广标  (signed by Shanghai Guangbiao Information Technology Co.,Ltd.)

Product:
页游登陆器

Version:
5.8.7.9

MD5:
3f4e8edc97535807eecf15fa8de073bc

SHA-1:
99ff29abff7a43d5a050abb442556836398b878e

SHA-256:
4404378d1e57b006952eb1061c8c3eafb2ff85dedd921cfd6e4a6dcca0a0eb36

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 3:46:11 AM UTC  (today)

File size:
2.3 MB (2,363,560 bytes)

Product version:
5.8.7.9

Copyright:
Copyright (C) 2015-2016

Original file name:
tlcqss.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jf0620_jzwl.exe

Digital Signature
Signed by:
Shanghai Guangbiao Information Technology Co.,Ltd.

Authority:
WoSign CA Limited

Valid from:
5/20/2016 1:50:35 PM

Valid to:
5/20/2017 1:50:35 PM

Subject:
CN="Shanghai Guangbiao Information Technology Co.,Ltd.", O="Shanghai Guangbiao Information Technology Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BB052CFC3F3745FF89F3A1D453BAB22

File PE Metadata
Compilation timestamp:
6/18/2016 5:15:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:jxRhkem7YCvfT5gt9AMNUGXZgHOE78GhYYMAS5ASIl:jhkeTCvNgt9pNUsZoOETYYMAS5ASIl

Entry address:
0x46729

Entry point:
E8, 1F, 6A, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 90, B8, 47, 00, 75, 02, F3, C3, E9, A1, 6A, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 2B, 2C, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 53, 09, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 06, 2C, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 0A, 0F, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 56, 33...
 
[+]

Entropy:
7.5219

Code size:
386 KB (395,264 bytes)

The file jf0620_jzwl.exe has been seen being distributed by the following 2 URLs.

http://box64.uuuo.com/.../yxhz2_jzwl.exe

http://down.weiyinwang.cn/hezi/.../xxrl24_jzwl.exe

Scan jf0620_jzwl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.