of.1.exe

Ding Ruan

The application of.1.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ding Ruan  (signed and verified)

MD5:
1d60ea6d3c00e1ab46a2c6b351077feb

SHA-1:
2892c35ccb5291ed4124e955fc8c7daa506c37e0

SHA-256:
e9cd0eec5ece7ca67a1b7f928a588eeb50780054bfc536d0043cec8548311dae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 10:57:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
16.12.18.0

File size:
411 KB (420,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\of.1.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/13/2016 1:00:00 AM

Valid to:
4/14/2017 1:59:59 AM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
380E23B98845B89FF3B35CC826510A35

File PE Metadata
Compilation timestamp:
12/11/2016 3:38:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x43AC

Entry point:
E8, D4, DB, FF, FF, E9, 93, 98, 00, 00, 3B, 0D, 18, 50, 46, 00, 75, 02, F3, C3, E9, 41, EA, FF, FF, 53, 56, 8B, 35, 7C, 63, 46, 00, 33, DB, 57, 8B, FB, 85, F6, 75, 1B, 83, C8, FF, E9, A1, 00, 00, 00, 66, 3B, C1, 74, 01, 47, 56, E8, 53, E6, FF, FF, 59, 8D, 34, 46, 83, C6, 02, 0F, B7, 06, 6A, 3D, 59, 66, 85, C0, 75, E2, 8D, 47, 01, 6A, 04, 50, E8, 71, FC, FF, FF, 8B, F8, 89, 3D, C0, 66, 46, 00, 59, 59, 85, FF, 74, C1, 8B, 35, 7C, 63, 46, 00, 66, 39, 1E, 74, 44, 56, E8, 17, E6, FF, FF, 59, 6A, 3D, 8D, 58, 01...
 
[+]

Code size:
369 KB (377,856 bytes)

Remove of.1.exe - Powered by Reason Core Security