home

tch_xa_v176.exe

TODO: <产品名>

TODO: <公司名>

This is a setup program which is used to install the application. The file has been seen being downloaded from airlcs.gotoip3.com.
Publisher:
TODO: <公司名>

Product:
TODO: <产品名>

Description:
TODO: <文件说明>

Version:
1.0.0.1

MD5:
65dba27ab6ee428e2767c9cd7d94fb5b

SHA-1:
4a4cd95af03b337a66d1e3961b5c89d3ec356822

SHA-256:
95e663fe01cb043d75c32152bbfcdaae512f5959e14c6c9cf7462ff3ff2804a1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/16/2024 3:38:03 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.8042

File size:
2.8 MB (2,904,064 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (C) <公司名>。保留所有权利。

Original file name:
Tch_xA.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/13/2016 10:58:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:4Bavb0sCQP9TWBexOYBqSqdTBJeeYziz1O2J03uwsyeVuJVz0yw9BNcDtlENqFlW:KYTgsOyqSqdTB/YziJ5twsyegJVd4BNU

Entry address:
0x2F263A

Entry point:
0F, 85, C0, A2, FF, FF, 9C, C7, 04, 24, 95, 2F, AE, D6, E8, 71, B3, 00, 00, 79, EE, 1A, 36, 5B, 86, 84, 1C, 3C, AB, 59, FE, 5A, 9D, 83, 94, B4, D3, B9, DE, CA, ED, 6D, 8C, 50, 27, 76, 7F, CA, 0B, F9, 4F, 2E, 1A, 07, 93, 8C, 9A, A6, 58, 51, ED, 2A, 6B, 49, FF, A0, EC, 0C, AA, 61, 54, BB, 5D, 71, B3, A8, 52, 72, 15, 77, 30, A6, 05, 06, 6C, CD, 10, BC, 5A, 14, 4F, 74, F8, 73, 58, B7, 1B, 13, 25, B2, 52, 03, 57, 8C, 0D, B8, E4, CF, DF, 7A, 39, 05, 7B, BE, E9, 7F, D3, 6F, C6, C7, B5, 84, 4A, 2B, D3, 54, 21, F5...
 
[+]

Entropy:
7.8556  (probably packed)

Code size:
248.5 KB (254,464 bytes)

The file tch_xa_v176.exe has been seen being distributed by the following URL.

http://airlcs.gotoip3.com/.../Tch_xA_v176.exe

Scan tch_xa_v176.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.