st_41.exe

广西千炎网络科技有限公司

The application st_41.exe by 广西千炎网络科技有限公司 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
广西千炎网络科技有限公司  (signed and verified)

MD5:
59c31ee9a8f752b7aa4ced95d4a905f3

SHA-1:
f5f1f7484c4a414c7f6f848a84d0e76509a2077b

SHA-256:
97e40c13fbfe722238857a17a422de10a22f6ff216591bfc1db42c5b956caa99

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 1:09:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Downloader.Meta (M)

Engine version:
16.2.24.4

File size:
1 MB (1,091,200 bytes)

Product version:
0107

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\appdata\local\temp\st_41.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/17/2015 7:00:00 AM

Valid to:
11/17/2016 6:59:59 AM

Subject:
CN=广西千炎网络科技有限公司, OU=技术, O=广西千炎网络科技有限公司, L=南宁, S=广西, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1ECA4D827EC25FB144574CEF9DE92C0E

File PE Metadata
Compilation timestamp:
1/7/2016 2:25:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:USwvdGDogL+n5D3Z40847l3/EsIfyTZAFGkkLMuwgW+tgxofdvESDQ19ttsIcvmO:BBDo/JldJZ3wuFtgomSM1/tgmSXVmoT

Entry address:
0xCFBA

Entry point:
E8, 48, 30, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, F5, 41, 00, 89, 0D, FC, F4, 41, 00, 89, 15, F8, F4, 41, 00, 89, 1D, F4, F4, 41, 00, 89, 35, F0, F4, 41, 00, 89, 3D, EC, F4, 41, 00, 66, 8C, 15, 18, F5, 41, 00, 66, 8C, 0D, 0C, F5, 41, 00, 66, 8C, 1D, E8, F4, 41, 00, 66, 8C, 05, E4, F4, 41, 00, 66, 8C, 25, E0, F4, 41, 00, 66, 8C, 2D, DC, F4, 41, 00, 9C, 8F, 05, 10, F5, 41, 00, 8B, 45, 00, A3, 04, F5, 41, 00, 8B, 45, 04, A3, 08, F5, 41, 00, 8D, 45, 08, A3, 14, F5, 41...
 

Entropy:
7.6420

Code size:
89 KB (91,136 bytes)
