home

qqpcmgr_v11.3.17201.218_123138925_silence.exe

SendStat Module

This is a setup program which is used to install the application. The file has been seen being downloaded from down.eoo.cm.
Product:
SendStat Module

Version:
0, 0, 0, 0

MD5:
f16a838e0449dc8f1c328c5b1367eeec

SHA-1:
7fa98c3ae40d3d60a0ded651c514b4f0cf597176

SHA-256:
58d9682eaef7561ba89cc8f840b08b68612a4d1e7a3b77b19c250cf2ecb9f7f1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 8:23:08 PM UTC  (today)

File size:
49.8 MB (52,180,732 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
SendStat.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\qqpcmgr_v11.3.17201.218_123138925_silence.exe

File PE Metadata
Compilation timestamp:
1/28/2016 1:06:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1572864:bC/Q7oNmOMyJ0bp19NhNHrIcnlb0w9pwbwc+fAVgAu:bC/QnOvKrHIk5F9pwb3+fMc

Entry address:
0x3198000

Entry point:
B9, 26, 58, FF, 0A, BE, 16, 80, 59, 03, 68, C4, 06, 00, 00, 5A, 31, 0C, 32, 4A, 83, EA, 03, 75, F7, 90, CE, 25, FE, 0A, 26, 58, FF, 0A, 26, 58, BF, 0A, AD, D5, FF, 0A, 46, 21, E6, 09, DA, DE, E6, 09, 26, E8, FD, 0A, 27, 58, FF, 0A, 36, E8, BE, 0A, 06, AF, BE, 0A, 14, AF, BE, 0A, 7A, AD, FE, 0A, 38, AF, FE, 0A, 16, AF, FE, 0A, 36, E8, FE, 0A, 38, AF, FE, 0A, 16, AF, FE, 0A, 26, 58, FF, 0A, 26, 58, FF, 0A, 26, 58, FF, 0A, 26, 58, FF, 0A, 5E, E9, BE, 0A, 26, 58, FF, 0A, 26, 58, FF, 0A, 26, 58, FF, 0A, 26, 58...
 
[+]

Entropy:
7.9858  (probably packed)

Code size:
104 KB (106,496 bytes)

The file qqpcmgr_v11.3.17201.218_123138925_silence.exe has been seen being distributed by the following URL.

http://down.eoo.cm/qqpcmgr_v11.3.17201.218_123138925_Silence.exe

Scan qqpcmgr_v11.3.17201.218_123138925_silence.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.