home

upgrade.exe

超级老师

梁海云

Publisher:
KIM教育工厂  (signed by 梁海云)

Product:
超级老师

Version:
3.0.0.1

MD5:
f32ba51eca3a784a18d9a598f2ee0044

SHA-1:
b5d4bb5d973e461f6d609fb1eeed3c20bc11e36d

SHA-256:
7b8c6dc7da98fcbdb938518c7e3e3195366274d350c9d15f26be9565345d6537

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 11:31:00 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
408 KB (417,768 bytes)

Product version:
3.0.0.1

Copyright:
Copyright (C) 2015 KIM教育工厂

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\supteacher\upgrade.exe

Digital Signature
Signed by:
梁海云

Authority:
WoSign CA Limited

Valid from:
4/24/2015 4:50:23 PM

Valid to:
4/24/2016 5:50:23 PM

Subject:
CN=梁海云, E=benbengou2008@126.com, L=秦皇岛市, S=河北省, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
597CD61BC2245231ABE1ED7D963166D4

File PE Metadata
Compilation timestamp:
10/19/2015 6:50:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:bQhTidjJtQ5rqHWKkZT02M62MUH1BRMgJkKRM3zYo4i/GNMu8:bQh+93Q5rErAo62MeegJJMDviU

Entry address:
0x277C1

Entry point:
E8, BC, DE, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 00, B9, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 78, 87, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 00, B9, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7...
 
[+]

Entropy:
6.6347

Code size:
281.5 KB (288,256 bytes)

Scan upgrade.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.