pangu_v1.2.exe

Lingbao Qinling Electronics Co., Ltd.

This is a setup program used to install the application. The file has been observed being downloaded from mega.nz and multiple other hosts.
Publisher:
Lingbao Qinling Electronics Co., Ltd.  (signed and verified)

Version:
1, 2, 0, 1

MD5:
4fb575c1b3fbd4a59b5c39da029ad245

SHA-1:
d2143ad652da7cc0e356f19c4a9dc59335a14b0b

SHA-256:
793d5f07e9cbe50afb28e20a17946dd27dc4574c7546e7fc8d0fe33058c90d4b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/16/2024 9:00:59 AM UTC

Scan engine:
Comodo Security

Detection:
Virus.Win32.Virut.CE

Engine version:
19134

File size:
34.2 MB (35,838,400 bytes)

Product version:
1, 2, 0, 1

Copyright:
Copyright (C) PanguTeam

Original file name:
Pangu.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 7:00:00 AM

Valid to:
6/24/2015 6:59:59 AM

Subject:
CN="Lingbao Qinling Electronics Co., Ltd.", OU=IS, O="Lingbao Qinling Electronics Co., Ltd.", L=Lingbao, S=Henan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37EDA0F1C795F86E6AB6E496B415F64B

File PE Metadata
Compilation timestamp:
8/9/2014 4:15:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:LJZ5QAXhnMhPPBokTSHH2Sxpeik0h1O+VhzEXQQ5NkS:LJz7XhnMhPP9TShRHh1OGhziJj

Entry address:
0x3FE776

Entry point:
60, C7, 44, 24, 1C, 01, 80, D7, 65, FF, 74, 24, 04, 60, 68, 6E, 68, 92, 9A, C7, 44, 24, 40, 3A, 51, F3, 42, 9C, 8D, 64, 24, 44, E9, 77, 49, 02, 00, 98, 39, 64, 43, E9, 68, 3F, F8, 06, 3E, 1C, 36, 26, 9E, F8, D7, B2, 90, 60, 5C, 22, 9F, E4, 5B, B2, F5, 84, B7, 76, 4E, 2C, A6, 12, 33, 99, B8, A7, 9B, 3F, E1, 5D, AF, A2, B5, 6B, B5, 60, 57, 02, C2, 8F, 01, 9A, 75, AC, C1, 2F, 9D, E2, 5D, 22, CD, E1, 37, 0E, 2C, 00, F2, 8C, 46, 48, 05, F2, C3, FD, 12, 6C, E2, D0, BC, 32, 5D, 21, 7B, B2, BD, C3, 83, C9, B7, 0F...
 
Entropy:
7.9740  (probably packed)

Code size:
2 MB (2,128,896 bytes)

The file pangu_v1.2.exe has been seen being distributed by the following 14 URLs.

Scan pangu_v1.2.exe - Powered by Reason Core Security