sgsinstall_1.1.4.0.exe

三国杀安装程序 (Sanguosha Installer)

Hangzhou Bianfeng Networking technology Co., Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from ngx.sanguosha.com.

Publisher:
Hangzhou Bianfeng Networking technology Co., Ltd.

Product:
三国杀安装程序 (Sanguosha Installer)

Version:
1, 0, 2, 0

MD5:
9cc0ccc5f4d12d1c79ccb11390ede0e8

SHA-1:
64ee3c2af7f6546215c6fb67ec1ba4df82de64e8

SHA-256:
e4e50081c2ffb9349ac819d5b570b8138eb4df91f1c93a4b1a2b45c9e899c09a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:16:55 PM UTC

File size:
4.9 MB (5,151,584 bytes)

Product version:
1, 0, 2, 0

Copyright:
Copyright (C) 2013

Original file name:
SGSInstall.exe

File type:
Executable application (Win32 EXE)

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
7/8/2014 8:00:00 AM

Valid to:
7/8/2017 7:59:59 AM

Subject:
CN="Hangzhou Bianfeng Networking technology Co., Ltd.", OU=Online Game R & D Department, O="Hangzhou Bianfeng Networking technology Co., Ltd.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
25AF56AFA47DEB34C2CE34823EFFD523

File PE Metadata

Compilation timestamp:
12/29/2014 10:58:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:GVfEJ64QMGb3B523OXb302oeSUAhYrZrJRsRLGEUaP1PG68jZV8tcCCzAhYrZgjC:GVfEJ6Bbt5mOXbE2oeSUWQJ2RyEUIPOX

Entry address:
0x45900

Entry point:
E8, 0F, C3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, 8B, 75, 08, FF, 75, 14, 8D, 4D, F0, 89, 75, 08, E8, 4A, DD, FF, FF, 33, DB, 3B, F3, 75, 2D, 39, 5D, 10, 74, 28, E8, 39, 3D, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 4F, ED, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 33, C0, EB, 7F, 8B, 4D, 0C, 3B, CB, 75, 05, 39, 5D, 10, 75, CC, 8B, 55, F4, 39, 5A, 08, 75, 1B, FF, 75, 10, 51, 56, E8, CA, 20, 00, 00, 83, C4, 0C, 38, 5D, FC, 74, 59, 8B, 4D...
 

Entropy:
7.8894  (probably packed)

Code size:
367 KB (375,808 bytes)

The file sgsinstall_1.1.4.0.exe has been seen being distributed by the following URL.
