โปรแกรมเข้าระบบของ qin maids gmthai.exe

成都墨龙科技有限公司

The executable โปรแกรมเข้าระบบของ qin maids gmthai.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.gmthai.com.
Publisher:
成都墨龙科技有限公司  (signed and verified)

Version:
1.0.0.0

MD5:
e2f3531533e3353282be3a2ce2106d2c

SHA-1:
7ed01b0a42ac876b65b195c549aced334f449f94

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/27/2024 9:55:34 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DlHelper.2 | 391
Bitdefender | Gen:Variant.Application.Bundler.DlHelper.2 | 1.0.20.45
F-Secure | Gen:Variant.Application.Bundler | 11.2016-09-01_7
G Data | Gen:Variant.Application.Bundler.DlHelper | 16.1.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0
MicroWorld eScan | Gen:Variant.Application.Bundler.DlHelper.2 | 17.0.0.27

File size:
1.5 MB (1,561,680 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\???\?????????????????? qin maids gmthai.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
10/10/2012 8:57:27 PM

Valid to:
10/12/2013 7:30:35 PM

Subject:
E=560087@qq.com, CN=成都墨龙科技有限公司, O=成都墨龙科技有限公司, L=成都市, S=四川省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0231B7B6969579

File PE Metadata
Compilation timestamp:
6/18/2013 5:35:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6Cn7FzO/dGY3KFHzAxq3Nblx2iBWJDrkNvweP0guZCzeQGKNESagQ+6AmAXI49jG:q/E3Flx+oXPduZFQGKN5vGTAY49ZY

Entry address:
0x3593F0

Entry point:
60, BE, 00, 60, 5E, 00, 8D, BE, 00, B0, E1, FF, C7, 87, 14, 1C, 22, 00, B8, CC, 3F, 5B, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Entropy:
7.7616

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1.5 MB (1,523,712 bytes)

The file โปรแกรมเข้าระบบของ qin maids gmthai.exe has been seen being distributed by the following URL.