ppsxyj.exe

成都墨龙科技有限公司

The executable ppsxyj.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from xyj.wd.17wan7.com.
Publisher:
成都墨龙科技有限公司  (signed and verified)

Version:
1.0.0.0

MD5:
6b4d2dd76125fa867d9fbdf50c5f2dfa

SHA-1:
cc2effc237a78512e2bb3fb24dfcfe56df98d6bd

SHA-256:
872ca88ef5a54d48f790ec9f86014942dd418e7a9c16bdfc69d1d82fc2bfba45

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/24/2024 1:32:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DlHelper.2 | 151 |
| AegisLab AV Signature | Gen.Variant.Application.Bundler!c | 2.1.4+ |
| Arcabit | Trojan.Application.Bundler.DlHelper.2 | 1.0.0.646 |
| Bitdefender | Gen:Variant.Application.Bundler.DlHelper.2 | 1.0.20.1245 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2016-05-09_2 |
| G Data | Gen:Variant.Application.Bundler.DlHelper | 16.9.25 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DlHelper.2 | 17.0.0.747 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16903 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Fareit.2913 | 3.12.26.4 |

File size:
1.4 MB (1,433,544 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ppsxyj.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
9/18/2014 10:50:21 PM

Valid to:
11/18/2017 11:50:21 PM

Subject:
CN=成都墨龙科技有限公司, E=ml-public@mokylin.com, O=成都墨龙科技有限公司, L=成都市, S=四川省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
7E23FE787BD8D886CCCBD1B90F651713

File PE Metadata
Compilation timestamp:
12/8/2015 4:42:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GHRCKXlQ/zOWonoqCNqwz3tbGVrlm6GJa/V+2Knjk1IQkhRvHJVbDf680xVO:GHR8WnfDwz3tyVBz3B1/ifJVnf7UA

Entry address:
0x2BA6E0

Entry point:
60, BE, 00, 10, 56, 00, 8D, BE, 00, 00, EA, FF, C7, 87, 14, FC, 1E, 00, 11, 15, C0, 96, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1.4 MB (1,417,216 bytes)

The file ppsxyj.exe has been seen being distributed by the following URL.

http://xyj.wd.17wan7.com/loginclient/.../ppsXyj.exe
