home

usb gamepad.exe

WYunpeng Application

XINGCHEN ELECTRONICS TECHNOLOGY

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Gamepad’.
Publisher:
XINGCHEN ELECTRONICS TECHNOLOGY  (signed and verified)

Product:
WYunpeng Application

Description:
WYunpeng MFC Application

Version:
1, 4, 31010, 483

MD5:
3d85b72f68fab938b157cba945770d4b

SHA-1:
ab7180899412185c1f3b7a2dd8f5ced710ee6175

SHA-256:
f8e76a114f83a41c45be021ae35114971d2ba9a9025cc154697f03045d09e108

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 9:40:39 AM UTC  (today)

File size:
761.1 KB (779,328 bytes)

Product version:
1, 4, 31010, 483

Copyright:
Copyright (C) 2005

Original file name:
yunpeng.EXE

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\usb vibration\3331\usb gamepad.exe

Digital Signature
Signed by:
XINGCHEN ELECTRONICS TECHNOLOGY

Authority:
VeriSign, Inc.

Valid from:
5/16/2008 8:00:00 AM

Valid to:
4/25/2009 7:59:59 AM

Subject:
CN=XINGCHEN ELECTRONICS TECHNOLOGY, OU=Engineer Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XINGCHEN ELECTRONICS TECHNOLOGY, L=ShenZhen, S=GuangDong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
43637EB30396A400A3F12E1264FCF006

File PE Metadata
Compilation timestamp:
3/13/2009 3:15:25 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:98Gh0mSjku8XaDuJyyonnpRA6svDgW0U8zP0zP2nZZOmNKhlv4DEl:afjnZSJy7pRJgF0fnZs0KhqIl

Entry address:
0x115C0

Entry point:
48, 8B, C4, 48, 81, EC, A8, 00, 00, 00, 48, 89, 58, 18, 48, 89, 78, 20, 48, 8D, 48, 88, FF, 15, 1C, EC, 01, 00, 90, FF, 15, 6D, EF, 01, 00, 48, 8B, C8, 33, D2, 41, B8, 94, 00, 00, 00, FF, 15, E4, EB, 01, 00, 48, 8B, D8, 48, 85, C0, 75, 0A, B8, FF, 00, 00, 00, E9, 62, 02, 00, 00, C7, 00, 94, 00, 00, 00, 48, 8B, C8, FF, 15, 13, EF, 01, 00, 85, C0, 75, 1E, FF, 15, 31, EF, 01, 00, 48, 8B, C8, 4C, 8B, C3, 33, D2, FF, 15, A3, EB, 01, 00, B8, FF, 00, 00, 00, E9, 31, 02, 00, 00, 8B, 43, 10, 89, 05, 4C, 9A, 03, 00...
 
[+]

Entropy:
4.5959

Code size:
184.5 KB (188,928 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Gamepad

Command:
C:\windows\usb vibration\3331\usb gamepad.exe -boot


Scan usb gamepad.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.