» โปรแกรมเข้าระบบของ qin maids gmthai.exe
Overview
Analysis
File Details
Downloads (1)

โปรแกรมเข้าระบบของ qin maids gmthai.exe

成都墨龙科技有限公司

The executable โปรแกรมเข้าระบบของ qin maids gmthai.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.gmthai.com.

File name:

Publisher:

成都墨龙科技有限公司 (signed and verified)

Version:

1.0.0.0

MD5:

e2f3531533e3353282be3a2ce2106d2c

SHA-1:

7ed01b0a42ac876b65b195c549aced334f449f94

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

9/27/2024 4:10:01 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.DlHelper.2

391

Bitdefender

Gen:Variant.Application.Bundler.DlHelper.2

1.0.20.45

F-Secure

Gen:Variant.Application.Bundler

11.2016-09-01_7

G Data

Gen:Variant.Application.Bundler.DlHelper

16.1.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.9.5.0

MicroWorld eScan

Gen:Variant.Application.Bundler.DlHelper.2

17.0.0.27

File size:

1.5 MB (1,561,680 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\???\?????????????????? qin maids gmthai.exe

Digital Signature

Signed by:

成都墨龙科技有限公司

Authority:

WoSign eCommerce Services Limited

Valid from:

10/10/2012 8:57:27 PM

Valid to:

10/12/2013 7:30:35 PM

Subject:

E=560087@qq.com, CN=成都墨龙科技有限公司, O=成都墨龙科技有限公司, L=成都市, S=四川省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

0231B7B6969579

File PE Metadata

Compilation timestamp:

6/18/2013 5:35:25 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:6Cn7FzO/dGY3KFHzAxq3Nblx2iBWJDrkNvweP0guZCzeQGKNESagQ+6AmAXI49jG:q/E3Flx+oXPduZFQGKN5vGTAY49ZY

Entry address:

0x3593F0

Entry point:

60, BE, 00, 60, 5E, 00, 8D, BE, 00, B0, E1, FF, C7, 87, 14, 1C, 22, 00, B8, CC, 3F, 5B, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.7616

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

1.5 MB (1,523,712 bytes)

The file โปรแกรมเข้าระบบของ qin maids gmthai.exe has been seen being distributed by the following URL.

http://www.gmthai.com/maids/launcher/.../

Remove โปรแกรมเข้าระบบของ qin maids gmthai.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.