nbyit_zw.exe

Xin Zhou

The executable nbyit_zw.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Xin Zhou  (signed and verified)

Version:
201607151454

MD5:
500bf808e1bed0cb7e1a7f1147e540de

SHA-1:
3b3cce3b45fa0bb4c1b91de76a5d75e4353311eb

SHA-256:
94302802427e13e6b74a1002a39e6d3592f66951f99b181d6f63d052fc05cdcd

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 8:01:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.29.13

File size:
369.3 KB (378,112 bytes)

Product version:
201607151454

File type:
Executable application (Win32 EXE)

Language:
English (United States d'America)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\nbyit_zw.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/12/2016 2:00:00 AM

Valid to:
3/23/2017 12:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1CE3BB3DB355C661097692BBEF7D6ED1

File PE Metadata
Compilation timestamp:
7/15/2016 8:58:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:kU7GQVq5WLweqLAA5NMZC+OJxHswAqJCTpfpF:kuGQKWLwB56ZFOPscwFpF

Entry address:
0x2A192

Entry point:
E8, FA, 9C, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 40, B1, 45, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F4, 92, 45, 00, 01, 0F, 82, 16, A2, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9...
 
[+]

Code size:
288 KB (294,912 bytes)

Remove nbyit_zw.exe - Powered by Reason Core Security