» raidcall_tw_v8.1.8.exe
Overview
Analysis
File Details
Downloads (7)

raidcall_tw_v8.1.8.exe

Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch

This is a setup program which is used to install the application. The file has been seen being downloaded from fs04n5.sendspace.com and multiple other hosts.

File name:

Publisher:

Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch (signed and verified)

MD5:

b2a9a45bd611fe24509be7d864e51c85

SHA-1:

dfedcb7303c5c73928fa027b2f935ae707504f00

SHA-256:

f0cdaa9ded817bfd0d10aa751dc2d304c53d2f1bfdff75cd5c7ccd290cce098a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/27/2024 7:35:04 AM UTC (today)

File size:

5 MB (5,210,712 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch

Authority:

Symantec Corporation

Valid from:

4/28/2016 8:00:00 AM

Valid to:

4/29/2018 7:59:59 AM

Subject:

CN="Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch", OU=运维, O="Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch", L=guangzhou, S=guangdong, C=CN

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

422946975D4B933E1729BEEBED96DC59

File PE Metadata

Compilation timestamp:

3/22/2010 8:59:12 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:24WKW6bQRqh8ayE7woIBsby7pibA9uMzIAX2ni3tQSl2HspsgfsawRTw:nZXYE8aP7woIBsbTb8mq2c2MpsgfaRTw

Entry address:

0x114F

Entry point:

E9, EC, 56, 00, 00, E9, 27, 96, 00, 00, E9, 72, 9A, 00, 00, E9, CD, 95, 00, 00, E9, E8, AA, 00, 00, E9, C3, BA, 00, 00, E9, 5E, 9B, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

7.9957

Packer / compiler:

Xtreme-Protector v1.05

Code size:

57.5 KB (58,880 bytes)

The file raidcall_tw_v8.1.8.exe has been seen being distributed by the following 7 URLs.

https://fs04n5.sendspace.com/dl/0b8db2e959b56f1723e2e43f7ad609c3/57e6ce32521f0265/.../raidcall_tw_v8.1.8.exe

https://fs04n5.sendspace.com/dl/efbdc6787477a2d7880fb7be286dee59/57923e7401955fb9/.../raidcall_tw_v8.1.8.exe

https://fs04n3.sendspace.com/dl/96ad49d75952a3ac05c4a289d2dd074e/5799d22b56f7d82e/.../raidcall_tw_v8.1.8.exe

https://fs04n3.sendspace.com/dl/16a0fb81fd6f7713dfaafe2cfef379ec/57fe375e20e61bec/.../raidcall_tw_v8.1.8.exe

http://127.0.0.1:37848/continue?TiCredToken=8051&Source=WTP&URL=http://update.raidtalk.com.tw/rctc/.../raidcall_tw_v8.1.8.exe

http://hacktalesrunner.com/.../raidcall_tw_v8.1.8.exe

http://update.raidtalk.com.tw/rctc/.../raidcall_tw_v8.1.8.exe

Scan raidcall_tw_v8.1.8.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.