mini_install.exe

TheWorld Installer

北京世界星辉科技有限责任公司

This is a self-extracting archive and installer. The file has been seen being downloaded from soft.mydiv.net and multiple other hosts.
Publisher:
The TheWorld Authors (signed by 北京世界星辉科技有限责任公司)

Product:
TheWorld Installer

Version:
7.0.0.108

MD5:
ad42a9f0ab0191a9a1cb8a7d22e3ae29

SHA-1:
0bf3340627cef0fb5ded00452b057311852c6973

SHA-256:
f02a8ccde914d7371c09dba30f2f1a082ccdb1736a1097daa47fae487e3000de

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 12:30:01 AM UTC

File size:
19.7 MB (20,673,544 bytes)

Product version:
7.0.0.108

Copyright:
Copyright 2016 The TheWorld.CN Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mini_install.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/1/2016 9:50:54 AM

Valid to:
11/2/2016 9:50:54 AM

Subject:
CN=北京世界星辉科技有限责任公司, O=北京世界星辉科技有限责任公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
57D57BDE6D4E22136155683F2E2CAE44

File PE Metadata
Compilation timestamp:
4/14/2016 7:13:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
393216:TQDUcAg+H4JmncxO6drPZL5n4/saJd48+gnTZoCaVLaDGqP:TvpLCmnf6hF6/xj+gnVo5aCqP

Entry address:
0x223A

Entry point:
55, 8B, EC, 51, 51, 6A, 00, FF, 15, A0, 50, 40, 00, 50, 8D, 45, F8, 50, E8, C9, 09, 00, 00, 59, 59, FF, 75, F8, FF, 15, 8C, 50, 40, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, A2, 0D, 00, 00, 8D, 4D, F8, E8, BF, 0D, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, B7, 0D, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, A6, 0D, 00, 00, 3B, 05, 18, 15, 40, 00, 77, 7C, FF, 36, 33, C0, BB...
 
Entropy:
7.9993

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

The file mini_install.exe has been seen being distributed by the following 2 URLs.

http://soft.mydiv.net/win/dlfiled709f_299810/.../TWInst_7.0.0.108.exe

http://download.theworld.cn/.../TWInst_7.0.0.108.exe
