nnvip10_00004.exe

快看影视 (Kuaikan Video)

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

This is a setup program used to install the application. The file has been seen being downloaded from www.baidu.com and multiple other hosts.
Publisher:
kuaikan studio  (signed by FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd)

Product:
快看影视

Description:
快看影视 main program

Version:
1.0.38.0323

MD5:
11a0b8471d79d4c07871c1bd98de9179

SHA-1:
38a6fc4d4e9bf0b09e2d693c6ae9528722d8227c

SHA-256:
e216f8d70ba6ff95e0ce51ef050075bd26d44f3a2ace5a0a9f35f500661c47e9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 8:11:36 PM UTC

File size:
2.2 MB (2,328,280 bytes)

Product version:
1.0.38.0323

Copyright:
Copyright (C) 2015 kuaikan studio

Original file name:
KKShowedFilms.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\nnvip10_00004.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/27/2015 2:51:09 PM

Valid to:
10/27/2016 2:51:09 PM

Subject:
CN="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", O="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
5BA22DD56638592FA5283CAFD23A41D9

File PE Metadata
Compilation timestamp:
3/23/2016 2:51:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:rhQNztONGbK9SC58ot5d2J4rZASa6nwAS9aC5kPz7ABoSnXcHOsuIOgTr1hU:rhQCY6t865d2J4rKqnwAS9abPz7ADXHf

Entry address:
0x7389E

Entry point:
E8, F0, 91, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, A0, 42, 4A, 00, 75, 02, F3, C3, E9, 5F, 93, 00, 00, 58, 59, 87, 04, 24, FF, E0, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, BA, 49, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, A4, 49, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, A0, 42, 4A, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03...

Entropy:
7.7454  (probably packed)

Code size:
533 KB (545,792 bytes)
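Reproducing the hash, PE-header and entropy fields above for a local copy of the file, as an added example that is not part of the Reason Core Security report: standard-library Python only. The headers-only PE32 image it builds for offline use is constructed here with the report's header values and is not nnvip10_00004.exe; the 7.0 entropy threshold, the key names and the script name are this example's own assumptions, not the scanner's.

```python
# Added triage helper (not part of the Reason Core Security report).
# Reproduces the hash, PE-header, entropy and "signed?" fields with the
# standard library only; the sample image is constructed below so the
# script runs offline. Threshold and key names are this script's own choices.
import hashlib
import math
import struct
from datetime import datetime, timezone

PACKED_ENTROPY_HINT = 7.0  # assumed heuristic; the report flagged 7.7454 as "probably packed"
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 hex digests, the three hash fields in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0; values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional-header fields the report lists; ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]  # COFF TimeDateStamp
    opt = coff + 20                                           # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    linker_major, linker_minor, size_of_code = struct.unpack_from("<BBI", data, opt + 2)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 is the Authenticode certificate table. Its first field is a
    # file offset, not an RVA; a non-zero size means a signature blob is attached,
    # which says nothing about whether the chain verifies.
    dirs = opt + (96 if magic == 0x10B else 112)
    _cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_rva": entry_rva,
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "has_authenticode_blob": cert_size != 0,
    }


def triage(data: bytes) -> dict:
    """Everything in the report that can be derived from the bytes alone."""
    ent = shannon_entropy(data)
    return {**file_hashes(data), **parse_pe(data), "size": len(data),
            "entropy": round(ent, 4), "probably_packed": ent > PACKED_ENTROPY_HINT}


def build_sample_pe() -> bytes:
    """Constructed headers-only PE32 image for offline use. Header values mirror the
    report (compile 2016-03-23 02:51:39 UTC, entry 0x7389E, linker 12.0, OS 5.1,
    GUI subsystem, SizeOfCode 545792); it is not nnvip10_00004.exe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    ts = int(datetime(2016, 3, 23, 2, 51, 39, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 224, 0x102)  # i386, 0 sections, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 12, 0, 545792)  # PE32 magic, linker 12.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x7389E)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                   # MajorOS/MinorOS version = 5.1
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(f"{key:>22}: {value}")
```

Saved as, say, pe_triage.py and run with a copy of the file as its argument, it prints digests to compare against the MD5, SHA-1 and SHA-256 listed above; with no argument it runs on the constructed sample. `has_authenticode_blob` only reports that a certificate table is attached. Verifying the chain, and in particular whether the signature is still accepted now that the certificate's 10/27/2016 expiry has passed (that depends on a trusted timestamp countersignature, which this report does not show), needs signtool or Get-AuthenticodeSignature. The ssdeep value needs the ssdeep library, and dumping the entry-point bytes needs the section table to map the 0x7389E RVA to a file offset; neither is done here.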

The file nnvip10_00004.exe has been seen being distributed by the following 14 URLs.

http://www.baidu.com/cb.php?c=IgF_pyfqnHRdPHc4n1R0IZ0qnfK9ujYznHR4P1f40Aw-5Hc1nHmdPWn0TAq15Hc1rjcYPjb0T1YzrAuWmvmvuAnduyfdrHnv0AwY5HDYPWDYrHcvn1n0IgF_5y9YIZ0lQzqbULI8QhF4IAN9TB4WUvYEpv_EnH0kPBtzn1Dd0ZFb5Hm0mhYqn0KsTWYkrj00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujYdnjfvPfKEIv3qn0KsXHYznjm0mLFW5HRYPW0k

http://www.baidu.com/cb.php?c=IgF_pyfqnHRdPHc4n1R0IZ0qnfK9ujYznHR4P1f40Aw-5Hc1nHmdPWn0TAq15Hc1rjcYPjb0T1dhmHKbnHmsryn3nhnsn1TL0AwY5HDYPW03P163rH60IgF_5y9YIZ0lQzqbULI8QhF4IAN9TB4WUvYEpv_EnH0kPBtzn1Dd0ZFb5HT0mhYqn0KsTWYkrj00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujYdnjfvPfKEIv3qn0KsXHYznjm0mLFW5Hc3nWT3

http://www.baidu.com/cb.php?c=IgF_pyfqnHRdPHc4n1R0IZ0qnfK9ujYznHR4P1f40Aw-5Hc1nHmdPWn0TAq15Hc1rjcYPjb0T1d9uHcdnj7WPWwWuWfzuHwW0AwY5HDYPWDYnWD1rj60IgF_5y9YIZ0lQzqbULI8QhF4IAN9TB4WUvYEpv_EnH0kPBtzn1Dd0ZFb5HT0mhYqn0KsTWYkrj00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujYdnjfvPfKEIv3qn0KsXHYznjm0mLFW5HnvPj0d

http://down.bytear.com/kk/.../36772

temp:nvp6_2315.exe

http://www.baidu.com/cb.php?c=IgF_pyfqnHRdPHc4n1R0IZ0qnfK9ujYznHR4P1f40Aw-5Hc1nHmdPWn0TAq15Hc1rjcYPjb0T1d-nHmsmhDvryfLPjwWPHuW0AwY5HDYPWDYrHRvrj60IgF_5y9YIZ0lQzqbULI8QhF4IAN9TB4WUvYEpv_EnH0kPBtzn1Dd0ZFb5HT0mhYqn0KsTWYkrj00Iy-b5HD1rHnkPjm0Uv-b5Hc3nH640APGujYdnjfvPfKEIv3qn0KsXHYznjm0mLFW5HmsPjR4

http://down.bytear.com/kk/.../13095

Scan nnvip10_00004.exe - Powered by Reason Core Security