home

shurufashengji1611.exe

Sogou.com

Publisher:
Sogou.com  (signed and verified)

MD5:
d34f58d7ae3e089409767d348cec3490

SHA-1:
f2f19b72061620153dc00828ffcfbf601ed052a5

SHA-256:
c0b7a4e1815df5d9e8aaa3cdd3913bb8027b8a6183f0fe3547e3255302db79ec

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:14:52 PM UTC  (today)

File size:
291.9 KB (298,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\shurufashengji1611.exe

Digital Signature
Signed by:
Sogou.com

Authority:
VeriSign, Inc.

Valid from:
8/27/2015 8:00:00 PM

Valid to:
9/26/2017 7:59:59 PM

Subject:
CN=Sogou.com, OU=Desktop Business Division, O=Sogou.com, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7657C339EB73C76D7DF6A2AD478E66E3

File PE Metadata
Compilation timestamp:
12/10/2015 2:21:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:OSWgDe4Ys1+uEHvSMEw7gb+VTLjSb2SJ7p6MR9cN4w51zm:/De3scuEaMEwDC2S9p6xKwXy

Entry address:
0x231BE

Entry point:
E8, 5E, 66, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 8B, 4D, 08, 53, 33, D2, 56, 57, 89, 55, FC, 3B, CA, 0F, 84, 85, 00, 00, 00, 8B, 7D, 0C, 3B, FA, 75, 07, 39, 55, 10, 75, 79, EB, 05, 39, 55, 10, 74, 72, 39, 55, 14, 75, 07, 39, 55, 18, 75, 68, EB, 05, 39, 55, 18, 74, 61, 39, 55, 1C, 75, 07, 39, 55, 20, 75, 57, EB, 05, 39, 55, 20, 74, 50, 39, 55, 24, 75, 46, 39, 55, 28, 75, 46, 33, C0, 40, 8B, F1, 66, 39, 16, 74, 08, 48, 83, C6, 02, 3B, C2, 77, F3, 66, 83, 3E, 3A, 75, 3A, 3B, FA, 74, 1B, 83, 7D...
 
[+]

Entropy:
6.4945

Code size:
208.5 KB (213,504 bytes)

The file shurufashengji1611.exe has been seen being distributed by the following 3 URLs.

http://113.171.224.206/.../shurufashengji1611.exe

http://pro.pz1.3dn.ie.sogou.com/shurufashengji1611.exe

http://pro.pz0.3dn.ie.sogou.com/shurufashengji1611.exe

Scan shurufashengji1611.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.