setup_1_51832_029.exe

天宁区茶山极速图文设计工作室

The executable setup_1_51832_029.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
午夜 神器   (signed by 天宁区茶山极速图文设计工作室)

Product:
午夜 神器

Version:
3.0.0.0

MD5:
ac7cce9721dbbbd05318b48be88f7819

SHA-1:
20a678fcfe666b58b183f5521f091f9f5385b649

SHA-256:
1f772f05fc6bc614402570ec8811e5b05bfc3abecd4e971e09b0f51c4ec6ee58

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/24/2024 4:28:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.98955
421

AhnLab V3 Security
Trojan/Win32.Genome
2015.12.10

Avira AntiVirus
TR/Downloader.Gen
8.3.2.4

Arcabit
Trojan.Strictor.D1828B
1.0.0.629

avast!
Win32:Evo-gen [Susp]
2014.9-151210

Bitdefender
Gen:Variant.Strictor.98955
1.0.20.1720

Comodo Security
TrojWare.Win32.TrojanDropper.Agent.HNMS
23732

Emsisoft Anti-Malware
Gen:Variant.Strictor.98955
8.15.12.10.08

F-Prot
W32/Agent.EW.gen
v6.4.7.1.166

F-Secure
Trojan:W32/DelfInject.R
11.2015-10-12_5

G Data
Gen:Variant.Strictor.98955
15.12.25

MicroWorld eScan
Gen:Variant.Strictor.98955
16.0.0.1032

File size:
3.7 MB (3,853,656 bytes)

Product version:
3.0.0.0

Copyright:
午夜 神器

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
9/25/2015 4:20:29 AM

Valid to:
4/25/2016 4:20:29 AM

Subject:
CN=天宁区茶山极速图文设计工作室, E=zaqwe2222@163.com, O=天宁区茶山极速图文设计工作室, L=常州市, S=江苏省, C=CN

Issuer:
CN=CA 沃通 OV 代码签名证书 G2, O=WoSign CA Limited, C=CN

Serial number:
1BACA5042DE9F7D61AAC209657B8781E

File PE Metadata
Compilation timestamp:
12/5/2015 7:12:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:4g03IJbmcJW2YecG+bC5Mpvy9R1wBTvjJAKd4i4td4:kwbmH6++5Ia9Xwxvjud4

Entry address:
0xC988F

Entry point:
55, 8B, EC, 6A, FF, 68, E8, C6, 77, 00, 68, 78, C6, 4C, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D4, C1, 4E, 00, 33, D2, 8A, D4, 89, 15, CC, 0E, 7D, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, C8, 0E, 7D, 00, C1, E1, 08, 03, CA, 89, 0D, C4, 0E, 7D, 00, C1, E8, 10, A3, C0, 0E, 7D, 00, 6A, 01, E8, F1, 5B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 9C, 59, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
6.4581

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
940 KB (962,560 bytes)

Remove setup_1_51832_029.exe - Powered by Reason Core Security