home

tt_setup_48_1000.exe

Tencent Technology(Shenzhen) Company Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from dlql.qq.com and multiple other hosts.
Publisher:
Tencent Technology(Shenzhen) Company Limited  (signed and verified)

MD5:
173060480832a992830fb4506dbc61b2

SHA-1:
f0f2458ba92e786081ac1c3ca3ab3be59229b193

SHA-256:
74d32fd5183d4a63337ff593d0a9402fdce1109f9758d602c0bde309fc3bfa60

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/15/2024 11:34:49 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Dr.Web
Trojan.MulDrop4.51388
9.0.1.0135

File size:
5.9 MB (6,174,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tt_setup_48_1000.exe

Digital Signature
Signed by:
Tencent Technology(Shenzhen) Company Limited

Authority:
VeriSign, Inc.

Valid from:
1/26/2010 1:00:00 AM

Valid to:
1/26/2013 12:59:59 AM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D0688F9040AD52287FC32ADECEB85B0

File PE Metadata
Compilation timestamp:
4/9/2007 9:44:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Dg0gYnWBLUqk1vX6rQ386nj+5NOJneqL3++FYxWSGaRxrdr91F7U2O2Pfrbv3h62:DgdnBavKMs8j+fOneE7IWS7pdr91FVhf

Entry address:
0x40C0

Entry point:
83, EC, 0C, 83, 64, 24, 04, 00, 53, 55, 56, 57, C7, 44, 24, 10, E0, A1, 40, 00, B3, 20, FF, 15, 28, 80, 40, 00, 6A, 00, FF, 15, A4, 82, 40, 00, BE, 00, B4, 42, 00, BF, 00, 04, 00, 00, 56, 57, A3, C8, 4F, 42, 00, FF, 15, 64, 81, 40, 00, E8, 8C, FF, FF, FF, 8B, 2D, A0, 80, 40, 00, 85, C0, 75, 21, 68, FB, 03, 00, 00, 56, FF, 15, D0, 80, 40, 00, 68, 9C, A2, 40, 00, 56, FF, D5, E8, 69, FF, FF, FF, 85, C0, 0F, 84, 53, 01, 00, 00, BE, 40, 47, 42, 00, 56, FF, 15, 7C, 80, 40, 00, 68, 90, A2, 40, 00, 56, E8, 20, 2B...
 
[+]

Code size:
24.5 KB (25,088 bytes)

The file tt_setup_48_1000.exe has been seen being distributed by the following 2 URLs.

http://dlql.qq.com/dl_dir.qq.com/invc/.../TT_Setup_48_1000.exe

http://dl_dir.qq.com/invc/.../TT_Setup_48_1000.exe

Scan tt_setup_48_1000.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.