kuping_s_50718.exe

安装程序 - 酷屏v4 [English: Setup program - Kuping v4]

重庆话语科技有限公司

This is a setup program which is used to install the application. The file has been seen being downloaded from cnrdn.com and multiple other hosts.

Publisher:
话语科技 (signed by 重庆话语科技有限公司)

Product:
安装程序 - 酷屏v4 [English: Setup program - Kuping v4]

Version:
1, 0, 0, 1

MD5:
133d1f3154b170997b534799e6f323f8

SHA-1:
443cd5eed8e5b9f7f4b06950aba3a338b95dcf65

SHA-256:
f6f01dd101dd6342043cae6b67f037aaa0f2341a88af0e975cb2c42d9c4171cc

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/27/2024 10:24:07 PM UTC

Scan engine          Detection                 Engine version
ESET NOD32           Win32/Kuping (variant)    8.9308
IKARUS anti.virus    Trojan.SuspectCRC         t3scan.2.2.29

File size:
5.7 MB (5,956,552 bytes)

Product version:
1, 0, 0, 1

Copyright:
版权所有 (C) 2012 [English: All rights reserved (C) 2012]

Original file name:
Installer.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\kuping_s_50718.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/12/2012 1:00:00 AM

Valid to:
8/9/2013 12:59:59 AM

Subject:
CN=重庆话语科技有限公司, OU=Provided by TrustAsia, O=重庆话语科技有限公司, L=重庆, S=重庆, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
03866DEB183ABFBF4FF458D4DE7BD73A

File PE Metadata
Compilation timestamp:
1/7/2013 10:36:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:0T37e0N1sAECKdyU/8UrR6zSDeH86tg9LT9gt6zgYVogpKvlVewLFV2x:UjN1OCGyUkUt65pg9LPHbQeIc

Entry address:
0x4F001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, F0, 04, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 

Packer / compiler:
ASPack v2.12

Code size:
148 KB (151,552 bytes)

The file kuping_s_50718.exe has been seen being distributed by the following 19 URLs.

http://cnrdn.com/aD06

http://www.baidu.com/cb.php?c=IgF_pyfqrHfdnHn4P6KYTjYk0A7b5HDsnHnYnHT0uARqrHn3PHmk0ZKET1YLnjn3n1f0T1d9nhR1myF-uAfkrH6zPWKb0AwY5HD1P16kPH0sn1R0IgF_5y9YIZ0lQzqbULI8UAq9ua4Lmyk_mhD8mvqVQvwEIv4_Uv7bQMKCTaqoIgKGUhIxu-t1n1czri4-XAR0ThfqrHb40AFV5H00TZcqn0Kdpyfqn1RvrHT1PsKEpyfqrHcLPHT0mv-b5HDzrHn3r0KEIv3qrH0knj60mLFW5Hm1Pjcz
