qianyi.exe

The application qianyi.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from 113.171.224.166 and multiple other hosts.
MD5:
1317e3c29a073e275285dede09f9b866

SHA-1:
9902402210ab7b6d19a7f18b770dd23fcbf445df

SHA-256:
d42dcb9118a1bc9b215b06d2fc01ec03b294ff9704cedf71ff703227c7a12ce3

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 1:55:15 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
AegisLab AV Signature | AdWare.W32.MegaSearch | 2.1.4+
Avira AntiVirus | TR/Crypt.ZPACK.Gen9 | 8.3.3.2
Bkav FE | HW32.Packed | 1.3.0.7717
Fortinet FortiGate | Riskware/Adload | 3/12/2016
IKARUS anti.virus | Trojan.Crypt | t3scan.2.0.9.0
K7 AntiVirus | Riskware | 13.214.18967
Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 15.0.0.562
McAfee | Artemis!1317E3C29A07 | 5600.6462
Panda Antivirus | Generic Suspicious | 16.03.12.08
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1120
Reason Heuristics | Threat.Generic | 16.12.8.23
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16310
Zillya! Antivirus | Downloader.Adload.Win32.34523 | 2.0.0.2718

File size:
3.2 MB (3,384,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\qianyi.exe

File PE Metadata
Compilation timestamp:
3/2/2016 2:58:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:CVc7wY12l5NdyHrJqbdNaPs5mSZH3k0Gjyln:Ic76bHaPs5mKGjcn

Entry address:
0xBE20

Code size:
83 KB (84,992 bytes)

The file qianyi.exe has been seen being distributed by the following 4 URLs.

http://113.171.224.166/.../QianYi.exe
http://113.171.224.212/.../QianYi.exe
http://113.171.224.244/.../QianYi.exe

Remove qianyi.exe - Powered by Reason Core Security