» mdu0svbby.exe
Overview
Analysis
File Details

mdu0svbby.exe

Ding Ruan

The application mdu0svbby.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

mdu0svbby.exe

Publisher:

Ding Ruan (signed and verified)

MD5:

e586adb77b72b9730fe77d9409a93a02

SHA-1:

f5bb36edd5f7511af853ce61f4d0fd1ecd123944

SHA-256:

730d5e65f8fac9ef48731a5b892e909ed0237e47a895a19cc995200f360b4320

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/9/2024 12:26:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ELEX (M)

16.11.29.3

File size:

420.9 KB (431,016 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\mdu0svbby.exe

Digital Signature

Signed by:

Ding Ruan

Authority:

thawte, Inc.

Valid from:

10/31/2016 7:00:00 AM

Valid to:

4/14/2017 6:59:59 AM

Subject:

CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

1259527043D09E95B6402E3F385E10E7

File PE Metadata

Compilation timestamp:

11/7/2016 11:40:40 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:43I61sw/gEOOSX/f3X/+bpvy1+CDJgPXL:kB1sY1bSPf3K5L

Entry address:

0x651D

Entry point:

E8, 09, C2, FF, FF, E9, EE, 5D, 00, 00, 85, C0, 75, 06, 66, 0F, EF, C0, EB, 11, 66, 0F, 6E, C0, 66, 0F, 60, C0, 66, 0F, 61, C0, 66, 0F, 70, C0, 00, 53, 51, 8B, D9, 83, E3, 0F, 85, DB, 75, 78, 8B, DA, 83, E2, 7F, C1, EB, 07, 74, 30, 66, 0F, 7F, 01, 66, 0F, 7F, 41, 10, 66, 0F, 7F, 41, 20, 66, 0F, 7F, 41, 30, 66, 0F, 7F, 41, 40, 66, 0F, 7F, 41, 50, 66, 0F, 7F, 41, 60, 66, 0F, 7F, 41, 70, 8D, 89, 80, 00, 00, 00, 4B, 75, D0, 85, D2, 74, 37, 8B, DA, C1, EB, 04, 74, 0F, EB, 03, 8D, 49, 00, 66, 0F, 7F, 01, 8D, 49... 
[+]

Entropy:

7.7732 (probably packed)

Code size:

368.5 KB (377,344 bytes)

Remove mdu0svbby.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.