» nnvip1_44072.exe
Overview
Analysis
File Details

nnvip1_44072.exe

快看影视

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

File name:

nnvip1_44072.exe

Publisher:

kuaikan studio (signed by FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd)

Product:

快看影视

Description:

快看影视主程序

Version:

1.0.41.0329

MD5:

92ecaaed08b2db063c66eb5280224978

SHA-1:

d47b49bb787c08670a65532f39e5f5c9b81cc2fb

SHA-256:

64b14dfc7e647c80e5a42e4137f6b46755370541ceb7adc898a0fc5ceefb0b1e

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/24/2024 2:25:56 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.MultiPlug.miB8

2.1.4+

Dr.Web

probably DLOADER.Trojan

9.0.1.05190

File size:

2.2 MB (2,320,088 bytes)

Product version:

1.0.41.0329

Original file name:

KKShowedFilms.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\nnvip1_44072.exe

Digital Signature

Signed by:

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

Authority:

WoSign CA Limited

Valid from:

10/27/2015 2:51:09 PM

Valid to:

10/27/2016 2:51:09 PM

Subject:

CN="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", O="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:

5BA22DD56638592FA5283CAFD23A41D9

File PE Metadata

Compilation timestamp:

3/31/2016 12:24:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:iW3hKsNbGbZbrXl7SC58+Jpijugwlj7lXUtPAXGo5rYFKGy56:iW3fqZbpt8+Jpi4lBEtoXGo5yKw

Entry address:

0x7462E

Entry point:

E8, EC, 91, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, A0, 52, 4A, 00, 75, 02, F3, C3, E9, 5B, 93, 00, 00, 58, 59, 87, 04, 24, FF, E0, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 8A, 56, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 74, 56, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, A0, 52, 4A, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03... 
[+]

Entropy:

7.7510 (probably packed)

Code size:

537.5 KB (550,400 bytes)

Scan nnvip1_44072.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.