home

ppjailbreak2.exe

Guangzhou Tieren Network Technology Co.,Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from pangu8.com and multiple other hosts.
Publisher:
Guangzhou Tieren Network Technology Co.,Ltd.  (signed and verified)

Version:
2, 0, 5, 1

MD5:
f7ecd26b751f5c3bd23b52ecba78538b

SHA-1:
3d2ad8cdab71b0b83c4d641934f50176254be77f

SHA-256:
4945c75c66ec461db371c41302e019c617b68342b8d283e092c37b227592bd43

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 6:47:07 AM UTC  (today)

File size:
36.3 MB (38,063,360 bytes)

Product version:
2, 0, 5, 1

Copyright:
Copyright (C) 25pp.com

Original file name:
PPJailbreak.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Signed by:
Guangzhou Tieren Network Technology Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
7/18/2013 8:00:00 PM

Valid to:
8/18/2015 7:59:59 PM

Subject:
CN="Guangzhou Tieren Network Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou Tieren Network Technology Co.,Ltd.", L=Guangzhou, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
013616D1161196F734584C5046062023

File PE Metadata
Compilation timestamp:
7/7/2015 1:58:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:Kl8kRfjkrC8noiae7c2GFsXhc7vGoXWopWpvDxNVs+/V8:KlpRfjk+Aoiae7cjs4G8Ubp98

Entry address:
0x3AFDE3

Entry point:
60, FF, 34, 24, E9, FA, 00, 01, 00, 20, 0E, F7, 5A, 7F, 77, B6, A4, CC, 61, 54, A9, 49, 48, 36, 95, 1D, 94, EC, 62, BD, AE, 89, A6, 0C, 87, FA, 63, BE, A7, CA, 07, AF, D2, 3F, EA, 9B, 31, 3C, 2D, DE, 7C, 81, 2C, 8A, ED, 5A, DD, 76, CE, D5, F3, B6, 09, A4, D6, D1, A5, 58, 67, 37, 8E, DE, DD, CE, 19, 7B, C7, BD, 43, 3F, C6, 7F, 3A, E0, BD, DC, A4, C7, 5F, 86, 6C, 17, DA, 29, 15, 4B, 4F, FA, 90, 54, 67, 68, 5F, 85, 74, 8D, 8D, AE, FD, 09, 98, 03, 70, 5C, 88, 5F, D3, 6A, 2C, 0D, 63, D1, 77, 17, 75, 30, 1D, 56...
 
[+]

Entropy:
7.9582  (probably packed)

Code size:
2.1 MB (2,234,368 bytes)

The file ppjailbreak2.exe has been seen being distributed by the following 2 URLs.

http://pangu8.com/.../pp84.exe

http://ppjailbreak.com/.../PPJailbreak2.exe

Scan ppjailbreak2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.