home

PalmInput_2.6.0.1672.exe

手心输入法

北京酷睿蒙数字科技有限公司

This is a setup program which is used to install the application. The file has been seen being downloaded from down.xinshuru.com.
Publisher:
北京酷睿蒙数字科技有限公司  (signed and verified)

Product:
手心输入法

Description:
手心输入法 安装程序

Version:
2.6.0.1672

MD5:
67aff574523049c3f55e82d2a882b1c5

SHA-1:
1ad58af3b81242101f2196f4d2532dd6c9efb0da

SHA-256:
c18502c6a8fe7b8e9c72cf955731edd380120d85e7e8041e204c3ace3cc3d7b5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 11:26:32 AM UTC  (today)

File size:
34.5 MB (36,133,128 bytes)

Product version:
2.6.0.1672

Copyright:
(C) xinshuru.com All Rights Reserved.

Original file name:
PalmInput_2.6.0.1672.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\palminput_2.6.0.1672.exe

Digital Signature
Signed by:
北京酷睿蒙数字科技有限公司

Authority:
WoSign CA Limited

Valid from:
2/22/2016 2:40:05 PM

Valid to:
3/22/2018 2:40:05 PM

Subject:
CN=北京酷睿蒙数字科技有限公司, O=北京酷睿蒙数字科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
684A4BEDF03283EE53282B04ABC26E85

File PE Metadata
Compilation timestamp:
4/15/2016 7:52:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
786432:B/sq7yvdvOU54i9xemEVvZ7+aVL3I7mqUTSWTNNj+wzXba3pP:H0lO0d9sVpDF4FUXb2

Entry address:
0x84675

Entry point:
E8, 50, 09, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 73, 1C, 01, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 11, 08, 00, 00, 85, C0, 74, 0A, E8, 08, 08, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7...
 
[+]

Entropy:
7.9813  (probably packed)

Code size:
666.5 KB (682,496 bytes)

The file PalmInput_2.6.0.1672.exe has been seen being distributed by the following URL.

http://down.xinshuru.com/.../PalmInput_2.6.0.1672.exe

Scan PalmInput_2.6.0.1672.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.