» minidwep@57_64759.exe
Overview
Analysis
File Details
Downloads (1)

minidwep@57_64759.exe

Downloader

Li Xin

The application minidwep@57_64759.exe by Li Xin has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from down.xiazai2.net.

File name:

Publisher:

Li Xin (signed and verified)

Product:

Downloader

Version:

6.0.0.1

MD5:

0a9e7e5bc35fa10ace323411f601ccba

SHA-1:

b51fb9fe3da068910aaa5e37e853df819dd91dd2

SHA-256:

d64dcff1ee6b982ebf46676ea88117931b8a055401cbdff95c1fd7e841bf0bfa

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 10:56:02 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Helper

2015.10.23

AVG

Generic

2016.0.2947

Baidu Antivirus

PUA.Win32.Softcnapp

4.0.3.151023

Bkav FE

W32.HfsAdware

1.3.0.7383

Clam AntiVirus

Win.Trojan.Generickd-1403

0.98/21511

Dr.Web

Trojan.Siggen6.36073

9.0.1.0296

ESET NOD32

Win32/Softcnapp.H potentially unwanted (variant)

9.12454

Fortinet FortiGate

W32/Generic.AC.2003

10/23/2015

K7 AntiVirus

Unwanted-Program

13.211.17627

Malwarebytes

PUP.Optional.Softcnapp

v2015.10.23.09

McAfee

Artemis!0A9E7E5BC35F

5600.6603

NANO AntiVirus

Trojan.Win32.Winlock.dqvnat

0.30.26.3947

Panda Antivirus

Trj/Genetic.gen

15.10.23.09

Sophos

Mal/Agent-ARF

4.98

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

44760

Zillya! Antivirus

Adware.Agent.Win32.79353

2.0.0.2468

File size:

256.2 KB (262,328 bytes)

Product version:

6.0.0.1

Original file name:

Downloader

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Digital Signature

Signed by:

Li Xin

Authority:

WoSign CA Limited

Valid from:

3/13/2015 9:55:41 AM

Valid to:

3/13/2016 10:55:41 AM

Subject:

CN=Li Xin, L=Yingshan, S=Sichuan, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

4EC8808F9295E7018CE5A64639E18B6B

File PE Metadata

Compilation timestamp:

9/4/2014 1:19:34 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:II2PdXOXB/oE0vsiBN8wVUMMOu9/XrrMh7yOe1pIZH0Y+:FGdX6/xyOwViOu9/X/M4Z3I1+

Entry address:

0x3384

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, A8, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 2C, 43, 00, E8, FE, 24, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 2B, 43, 00, 8D, 44, 24, 38, 50, 53, 68, 3B, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 30, 74, 40, 00, 68, C0, 0B, 43, 00, E8, F0, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 70, 44, 00, 57, E8, DE, 23, 00, 00... 
[+]

Entropy:

7.7334

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file minidwep@57_64759.exe has been seen being distributed by the following URL.

http://down.xiazai2.net/?/28715/.../easyrecovery.exe

Remove minidwep@57_64759.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.