newpack.exe

易语言程序

Win

The application newpack.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The file has been observed being downloaded from deng.qiniudn.com.
Publisher:
Win

Product:
易语言程序

Description:
Update dc

Version:
3.7.0.0

MD5:
43d5316302917f9b9cee15a9fc247c3d

SHA-1:
98e1f824d834a9eb0e10284d0746c59234417e6c

SHA-256:
608b3f729b68e3e3db6a4ae482bf5f00f9f7bc89d72e19e5f86499331f261f8f

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 11:45:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2069615 | 623 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-150523 |
| Baidu Antivirus | Hacktool.Win32.Agent | 4.0.3.15523 |
| Bitdefender | Trojan.GenericKD.2069615 | 1.0.20.715 |
| Comodo Security | Worm.Win32.Dropper.RA | 21978 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2069615 | 8.15.05.23.02 |
| ESET NOD32 | Win32/FlyStudio potentially unwanted (variant) | 9.11566 |
| Fortinet FortiGate | Riskware/Agent | 5/23/2015 |
| F-Secure | Trojan.GenericKD.2069615 | 11.2015-23-05_7 |
| G Data | Trojan.GenericKD.2069615 | 15.5.25 |
| IKARUS anti.virus | not-a-virus:Downloader.Agent | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15784 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1999 |
| McAfee | Artemis!43D531630291 | 5600.6757 |
| MicroWorld eScan | Trojan.GenericKD.2069615 | 16.0.0.429 |
| nProtect | Trojan.GenericKD.2069615 | 15.04.30.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.23.02 |
| Quick Heal | Downloader.Agent.r6 (Not a Virus) | 5.15.14.00 |
| Sophos | Generic PUA JI | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00AM15 | 7.2.143 |
| Trend Micro | TROJ_GEN.F0C2C00AM15 | 10.465.23 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39886 |
| Zillya! Antivirus | Downloader.Agent.Win32.246693 | 2.0.0.2164 |

File size:
359.5 KB (368,128 bytes)

Product version:
3.7.0.0

Copyright:
Win 版权所有

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/7/2015 5:41:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:bKoxSC7rTznW9eI+oySFKrRalRZrfXaELnWo1T5ayOCSl2pn4VJhhAb0jEeY:bpxeMoJEYRZrfXawn5Vaym6oAb0I5

Entry address:
0x1B0001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 00, 1B, 00, 83, BD, 88, 04, 00, 00, 00, 89, 9D, 88, 04, 00, 00, 0F, 85, CB, 03, 00, 00, 8D, 85, 94, 04, 00, 00, 50, FF, 95, A9, 0F, 00, 00, 89, 85, 8C, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, A5, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
 

Entropy:
7.9350

Packer / compiler:
ASPack v2.12

Code size:
548 KB (561,152 bytes)

The file newpack.exe has been seen being distributed by the following URL.
