home

QiyiClient.exe

爱奇艺视频

BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘QiyiClient’. The file has been seen being downloaded from static.qiyi.com.
Publisher:
爱奇艺  (signed by BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)

Product:
爱奇艺视频

Description:
爱奇艺视频3.0版

Version:
2.2.1.7

MD5:
0d6a16feaafca4e89f423772ad813bef

SHA-1:
dee64ccb0c24912d1c2430d3560e9444aea0b09e

SHA-256:
f363b52dec17bc3c28f5f67ef85aaf39a1c82466cdb25c32d94430f66dcee394

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 3:21:29 PM UTC  (today)

File size:
4 MB (4,149,184 bytes)

Product version:
2.2.1.7

Copyright:
Copyright (C) 2012-2014 爱奇艺 版权所有

Original file name:
QiyiClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iqiyi_pps\iqiyi\qiyiclient.exe

Digital Signature
Signed by:
BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.

Authority:
VeriSign, Inc.

Valid from:
11/19/2013 8:00:00 AM

Valid to:
2/10/2017 7:59:59 AM

Subject:
CN="BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.", OU=TECHNOLOGY PRODUCTS DEPARTMENT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.", L=BEIJING, S=BEIJING, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
46C18F6601633DAE52FFD9A4FA162F40

File PE Metadata
Compilation timestamp:
5/27/2014 2:36:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:WCrBNDEyvtjUZxe33lTozzxiJozzx6D+/W:Rbwqwe3VdwW

Entry address:
0x29777C

Entry point:
E8, 02, 0B, 00, 00, E9, 37, FD, FF, FF, FF, 25, 4C, 86, 6D, 00, 3B, 0D, A8, D3, 77, 00, 75, 02, F3, C3, E9, 7E, 0B, 00, 00, 6A, 14, 68, 78, 6A, 76, 00, E8, 55, 0A, 00, 00, FF, 35, B8, 17, 78, 00, 8B, 35, EC, 86, 6D, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, E8, 86, 6D, 00, 59, EB, 67, 6A, 08, E8, 5B, 0C, 00, 00, 59, 83, 65, FC, 00, FF, 35, B8, 17, 78, 00, FF, D6, 89, 45, E4, FF, 35, B4, 17, 78, 00, FF, D6, 59, 59, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, D4...
 
[+]

Entropy:
6.4946

Code size:
2.8 MB (2,977,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
QiyiClient

Command:
"C:\Program Files\iqiyi_pps\iqiyi\qiyiclient.exe" autostart


The file QiyiClient.exe has been seen being distributed by the following URL.

http://static.qiyi.com/ext/common/.../QiyiClient.exe

Scan QiyiClient.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.