readiriscorporate15.1(ocr识别软件)简体中文破解版@82_4767.exe

Downloader

Shanghai Yishen Network Technology Co., Ltd.

The application readiriscorporate15.1(ocr识别软件)简体中文破解版@82_4767.exe by Shanghai Yishen Network Technology Co. has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This setup program installs potentially unwanted software on the user's PC alongside the expected (advertised) software, without adequate consent. The program is typically installed via a form of malvertising. The file has been seen being downloaded from down.xiazaijia.cc and multiple other hosts.
Publisher:

Product:
Downloader

Version:
6.0.0.1

MD5:
eb935ecee39dfeebd3c7601bcd62e0f3

SHA-1:
5bc539f5297952a5ae8c43ff7a9bb0e0ae47b2e9

SHA-256:
39389fe32ceffc9c7b3d465f5e142f850c9f876430ab688aa9154e19eb1abab0

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:16:23 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.15287112
430

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Helper
2015.12.01

avast!
Win32:Adware-gen [Adw]
2014.9-151202

AVG
Generic
2016.0.2908

Bitdefender
Trojan.Generic.15287112
1.0.20.1680

Clam AntiVirus
Win.Trojan.Generickd-1403
0.98/21511

Dr.Web
Trojan.Siggen6.36073
9.0.1.0336

Emsisoft Anti-Malware
Trojan.Generic.15287112
8.15.12.02.03

Fortinet FortiGate
W32/Generic.AC.2003
12/2/2015

F-Secure
Trojan.Generic.15287112
11.2015-02-12_4

G Data
Trojan.Generic.15287112
15.12.25

IKARUS anti.virus
PUA.Softcnapp
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.212.18014

McAfee
Artemis!EB935ECEE39D
5600.6564

Microsoft Security Essentials
SoftwareBundler:Win32/Xiazai
1.1.12300.0

MicroWorld eScan
Trojan.Generic.15287112
16.0.0.1008

NANO AntiVirus
Trojan.Win32.Winlock.dqvnat
0.30.26.4751

nProtect
Trojan.Generic.15287112
15.12.01.01

Panda Antivirus
Trj/Genetic.gen
15.12.02.03

Quick Heal
SoftwareBundler.Xiazai.r5 (Not a Virus)
12.15.14.00

Sophos
Xiazai Bundler (PUA)
4.98

Trend Micro
TROJ_GEN.R0EBC0OKQ15
10.465.02

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45540

ViRobot
Trojan.Win32.Z.Agent.264096[h]
2014.3.20.0

Zillya! Antivirus
Adware.Agent.Win32.79353
2.0.0.2539

File size:
257.9 KB (264,096 bytes)

Product version:
6.0.0.1

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\readiriscorporate15.1(ocr识别软件)简体中文破解版@82_4767.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/4/2015 5:27:27 PM

Valid to:
11/4/2016 5:27:27 PM

Subject:
CN="Shanghai Yishen Network Technology Co., Ltd.", O="Shanghai Yishen Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
62B00AF7B42A239D1C1409007FAEFFB5

File PE Metadata
Compilation timestamp:
9/4/2014 1:19:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:7I2PdXkgP53e3KblS4c3/amOKpLeMEVAjl6iP2F1IZjGgVj:0GdXkgxaYl43/AKMAjl6hF1IZjx

Entry address:
0x3384

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, A8, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 2C, 43, 00, E8, FE, 24, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 2B, 43, 00, 8D, 44, 24, 38, 50, 53, 68, 3B, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 30, 74, 40, 00, 68, C0, 0B, 43, 00, E8, F0, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 70, 44, 00, 57, E8, DE, 23, 00, 00...

Entropy:
7.7355

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file readiriscorporate15.1(ocr识别软件)简体中文破解版@82_4767.exe has been seen being distributed by the following 2 URLs.

http://down.xiazaijia.cc/?/36710/.../EasyPub(txt?epub?????)V1.44 ????????.exe