pangu9_v1.2.0.exe

Lingbao Qinling Electronics Co., Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from download2001.mediafire.com and multiple other hosts.
Publisher:
Lingbao Qinling Electronics Co., Ltd.  (signed and verified)

Version:
1, 2, 0, 0

MD5:
bd4de6ae4dcd241e7fd063c99048f6e8

SHA-1:
2f5fae088e7c1b1058ab4dda826d9cab21d6f57d

SHA-256:
13d8bdcedb2b178ff2b1bedb65fd22a546836fde782dd62cd2015c3b71808580

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 12:23:05 AM UTC  (today)

File size:
71.4 MB (74,830,064 bytes)

Product version:
1, 2, 0, 0

Copyright:
Copyright (C) Pangu Team

Original file name:
Pangu.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/12/2015 5:00:00 PM

Valid to:
10/12/2016 4:59:59 PM

Subject:
CN="Lingbao Qinling Electronics Co., Ltd.", OU=DEV, O="Lingbao Qinling Electronics Co., Ltd.", L=Lingbao, S=Henan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
501C911C485179AB73B730D83BBEF929

File PE Metadata
Compilation timestamp:
10/27/2015 1:58:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:yMrYxH6bqKolffhksghdfc7tY5cN26qE285Yk2oI/ucFK9FiHgpz4lkvjWB:yqmH4oosE6WSYk2ZSSgpEuvjWB

Entry address:
0x5CFE0B

Entry point:
EB, 08, 50, 85, 5A, 00, 00, 00, 00, 00, E9, A8, 75, FF, FF, 00, 00, 00, 00, 00, 00, 76, 63, 01, 00, 80, 64, 01, 00, 90, 98, 01, 00, AC, 9A, 01, 00, E0, 2A, 02, 00, 70, 28, 36, 00, 8B, 28, 36, 00, AE, 28, 36, 00, C9, 28, 36, 00, EC, 28, 36, 00, 0F, 29, 36, 00, 4A, 29, 36, 00, 65, 29, 36, 00, 88, 29, 36, 00, B9, 29, 36, 00, D4, 29, 36, 00, 2B, 2A, 36, 00, 46, 2A, 36, 00, 88, 2A, 36, 00, B1, 2A, 36, 00, F5, 2A, 36, 00, 35, 2B, 36, 00, F5, 2C, 36, 00, 30, 2D, 36, 00, 56, 2D, 36, 00, 8D, 2D, 36, 00, B3, 2D, 36...
 

Entropy:
7.9672  (probably packed)

Code size:
5 MB (5,240,320 bytes)

The file pangu9_v1.2.0.exe has been discovered within the following program.

MyHarmony  by Logitech Inc.
3% remove it
 

The file pangu9_v1.2.0.exe has been seen being distributed by the following 50 URLs.
