home

nnvip9_36996.exe

快看影视

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

Publisher:
kuaikan studio  (signed by FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd)

Product:
快看影视

Description:
快看影视主程序

Version:
1.0.37.0318

MD5:
8b2c497c979f8738568fa48fe656b2fa

SHA-1:
8f36a7b61845eee38ae901c14cada293a4dd874f

SHA-256:
3f0dbb112f7e656d88e94e2cc6edc7a4fa962bf5e91422215d03593aa2cdb9c9

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 2:21:10 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
probably STPAGE.Trojan
9.0.1.05190

File size:
2.1 MB (2,228,952 bytes)

Product version:
1.0.37.0318

Copyright:
Copyright (C) 2015 kuaikan studio

Original file name:
KKShowedFilms.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\nnvip9_36996.exe

Digital Signature
Signed by:
FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

Authority:
WoSign CA Limited

Valid from:
10/27/2015 1:51:09 PM

Valid to:
10/27/2016 1:51:09 PM

Subject:
CN="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", O="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
5BA22DD56638592FA5283CAFD23A41D9

File PE Metadata
Compilation timestamp:
3/18/2016 10:35:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:jp7JmH/mGb2gSC58xWrzS9wtNaMIDG2evIUkFqz+LXdaBSp:jp7m17t8xWrz+wtNXIDGzvIUE8yXoBC

Entry address:
0x732BE

Entry point:
E8, F0, 91, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, A0, 32, 4A, 00, 75, 02, F3, C3, E9, 5F, 93, 00, 00, 58, 59, 87, 04, 24, FF, E0, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 4A, 3D, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 34, 3D, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, A0, 32, 4A, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03...
 
[+]

Entropy:
7.7342  (probably packed)

Code size:
531.5 KB (544,256 bytes)

Scan nnvip9_36996.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.