» pc_faster_setup_mini_318_1153401411.exe
Overview
Analysis
File Details
Downloads (68)

pc_faster_setup_mini_318_1153401411.exe

Baidu PC Faster

Baidu Online Network Technology (Beijing)Co., Ltd

File name:

Publisher:

Baidu Inc. (signed by Baidu Online Network Technology (Beijing)Co., Ltd)

Product:

Baidu PC Faster

Description:

Baidu PC Faster MiniSetup

Version:

4,0,0,53296

MD5:

af438a5468d16372344d5591b645f4da

SHA-1:

8f34da0fe42421f44f4518e6693011ab3e82e2de

SHA-256:

0f0e2ca563509d1462c394ef71bbac4af672c3c8313f3e202b5da27c7d3f1c2a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 4:50:59 PM UTC (today)

File size:

1.5 MB (1,572,384 bytes)

Product version:

4,0,0,53296

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\pc_faster_setup_mini_318_1153401411.exe

Digital Signature

Signed by:

Baidu Online Network Technology (Beijing)Co., Ltd

Authority:

VeriSign, Inc.

Valid from:

4/24/2012 7:00:00 AM

Valid to:

4/25/2015 6:59:59 AM

Subject:

CN="Baidu Online Network Technology (Beijing)Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Baidu Online Network Technology (Beijing)Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3BDB1994B98BBB19AB55A42337FA4F5C

File PE Metadata

Compilation timestamp:

12/13/2013 10:09:33 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:JpJkhGg7dMuPN10hOUrkZxmTVpDjkyTnFcbpUiVZq:JfWtNKhhwZxmTVpDpslq

Entry address:

0xADCAA

Entry point:

E8, B8, FE, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 68, A4, 4F, 00, 00, 74, 15, 68, 68, A4, 4F, 00, E8, C4, FF, 00, 00, 59, 85, C0, 74, 06, FF, 15, 68, A4, 4F, 00, E8, 53, 79, 00, 00, 85, C0, 74, 07, 50, E8, 0B, 7B, 00, 00, 59, FF, 75, 08, FF, 15, 48, 83, 4F, 00, CC, 6A, 0C, 68, 88, F5, 51, 00, E8, 0F, 1E, 00, 00, E8, A6, 79, 00, 00, 83, 65, FC, 00, FF, 70, 58, FF, 50, 54, 50, E8, A2, FF, FF, FF, 8B, 45, EC, 8B, 08, 8B, 09, 89, 4D, E4, 50, 51, E8, 18, F9, 00, 00, 59, 59, C3, 8B, 65, E8, FF... 
[+]

Entropy:

6.7901

Code size:

986.5 KB (1,010,176 bytes)

The file pc_faster_setup_mini_318_1153401411.exe has been seen being distributed by the following 50 URLs.

http://byvue.com/?a=251895&c=1210084&m=32&s2=6kx481fx_29_87555

http://serve.popads.net/popOut.php?c=10000000000&a=2517564001&ac=9282204447298378

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4197185015

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP&s3=romeo-tee-IToHTqie__&s4=WlY3NTQ3NWQ3MGJjYzQxMWUzYWU5ODIyMDAwYTY1OGQ2YjEzOTY3MDM3NzQ

http://serve.popads.net/popOut.php?c=10000000000&a=1974774553&ac=8592443336979466

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_3978618460

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4162600436

http://byvue.com/?a=251895&c=1210084&m=32&s2=cx95vv2b_40_149836

http://xttrack.com/.../indexflym.php

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP-TH-T&s3=charlie-lay-cwMyBa0F__&s4=WlYyNTU2OGU0MGQwYmUxMWUzYjg4MDEyNWFlOGMyMDVkOTEzOTg5MDAwODY

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP-TH-T&s3=hotel-arb-SRMyGGl2_hawaiievents,motor sports_&s4=WlY1MWUwMDg0MGNmOGExMWUzYTg5ZjEyNWFlOGMyMDVkOTEzOTg3Njc4ODA

http://byvue.com/?a=251895&c=1210084&m=32&s2=clsmymal_29_61261

http://byvue.com/?a=233200&c=1210084&m=32&s2=DN&s3=5346b26bba8ad97b08014265

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4250231355

http://serve.popads.net/popOut.php?c=10000000000&a=1539512543&ac=879907967134014

http://byvue.com/?a=233200&c=1210084&m=32&s2=DN&s3=52a73dfad8805f0038025caf

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_3976590868

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP-TH-T&s3=xray-voe-koZjiCIf__&s4=WlY4ZGY1NTVhMGQ0YmQxMWUzOGRjNzBhYmVhN2IwZWFlMjEzOTkzMzk2Mzc

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4231382004

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP&s3=uniform-umm-vyDxRAyr__&s4=WlY1NTUzNzk5NGJjMDExMWUzYWU5ODIyMDAwYTY1OGQ2YjEzOTY2MTk5NzA

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4261381056

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP-TH-T&s3=echo-tan-rPyx5ZzV__&s4=WlYyMDllNGE4NWQ0ZTkxMWUzOGVmNzBlMWQ1N2IwYjk3NjEzOTkzNTgzNTE

http://serve.popads.net/popOut.php?c=10000000000&a=2796018172&ac=7961988318998849

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP&s3=uniform-sod-YcwPfXNJ_auzmyy on instagram_&s4=WlYwMmU5ZGMzMWJjYjUxMWUzYWU5ODIyMDAwYTY1OGQ2YjEzOTY2OTcxMzk

http://popcash.net/world/sgo/12524/22734/.../aHR0cDovLzRzaGFyZWQtbXVzaWMuY29tLyVFMCVCOCU5NCVFMCVCOCVCMiVFMCVCOCVBNyVFMCVCOCU5OSVFMCVCOSU4QyVFMCVCOSU4MiVFMCVCOCVBQiVFMCVCOCVBNSVFMCVCOCU5NF8lRTAlQjglQUQlRTAlQjklODklRTAlQjglQjIlRTAlQjglQTIlRTAlQjglOTUlRTAlQjglQjIlRTAlQjglQTIlRTAlQjglQUElRTAlQjglQjQlRTAlQjklODQlRTAlQjglQUIlRTAlQjklODglRTAlQjglOTklRTAlQjglQjMlRTAlQjglOUElRTAlQjklODgubXAzXy00c2hhcmVkX3ZrcnNOVnNnLmh0bWw=

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_3789347743

http://popcash.net/world/sgo/10197/17743/.../aHR0cDovL3d3dy5qYXZpbm4uY29tL3dhdGNoLWthZWRlLWZ1eXV0c3VraS1tb2xlc3Rlci1vbC1zdGFsa2VyLXRhcmdldGVkLw==

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_4167681587

http://pfgbc.com/?a=303331&c=1210084&m=32&s1=&s2=S1_19_3904542289

http://byvue.com/?a=233200&c=1210084&m=32&s2=ZP-TH-T&s3=kilo-goa-UOVt2zv6__&s4=WlY0MGRiNmMyMGNlZjgxMWUzODRkODBhYmVhN2IwZWFlMjEzOTg3MDUxNDA

Latest 30 of 68 download URLs

Scan pc_faster_setup_mini_318_1153401411.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.