tongji.exe

Chengdu Jinding Shengshi Network Technology Co., Ltd.

The executable tongji.exe has been detected as malware by 1 anti-virus scanner.
Description:
Huangtu (皇图) installation count statistics

Version:
1.3.1.10

MD5:
3f7fe1f5b4c2d6e22d675fefc4392dc0

SHA-1:
44c45306f6e06ecbd71ad5ef2da20dc4365cee53

SHA-256:
c0663daa8f272a8797ea3df24041f1a1cbd132ca105c0c48cc57271aba82c0f4

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/27/2024 5:32:28 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.27.0

File size:
671 KB (687,112 bytes)

Product version:
1.3.1.10

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\tongji.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
7/3/2015 3:28:23 PM

Valid to:
12/30/2016 12:00:00 AM

Subject:
CN="Chengdu Jinding Shengshi Network Technology Co., Ltd.", O="Chengdu Jinding Shengshi Network Technology Co., Ltd.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
68FD0F148E9A2FAAC12D58C0F0CD14D3

File PE Metadata
Compilation timestamp:
10/14/2015 3:41:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zYlhXTlUFYa7U7YciylUAovJIhxnes4p3R99sJtZ8+556OBKTvPmM:zYlT1a4bRes4p3n9sJtd56OAT2M

Entry address:
0x60883

Entry point:
E8, 80, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, FD, 5C, 00, 00, 6A, 16, 5E, 89, 30, E8, A1, 5C, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, DF, 5C, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, 48, F5, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 54, 72, 4A...
 

Entropy:
6.3720

Code size:
537 KB (549,888 bytes)
