velocmgr.exe

Fast copy helper module (极速拷贝辅助模块)

Tian Hengyu

The application velocmgr.exe by Tian Hengyu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Yantai Zhenghao Network Technology Co., Ltd. (烟台市正浩网络科技有限公司), signed by Tian Hengyu

Product:
Fast copy helper module (极速拷贝辅助模块)

Version:
1.0.1.1

MD5:
bf856fb7067c3a2ed3780235d07126ea

SHA-1:
a9c2bb91f6dd31ead47334b4deed070e5077da9c

SHA-256:
f25f4cf8ba33a225e82695ba19dcdadf65bb39f932f6ba2d59a1569035304012

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 10:35:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TianHengyu

Engine version:
16.2.29.17

File size:
498.4 KB (510,408 bytes)

Product version:
1.0.1.1

Copyright:
Yantai Zhenghao Network Technology Co., Ltd. (烟台市正浩网络科技有限公司)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\veloccopy\velocmgr.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/5/2015 3:51:07 PM

Valid to:
6/5/2016 4:17:06 PM

Subject:
CN=Tian Hengyu, L=Yantai, S=Shandong, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
10F11866155FF64970C3DE4F52CEAC30

File PE Metadata
Compilation timestamp:
2/3/2016 11:06:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:YDfk5swd6aiQ729wbUqc48BFDAcMi+YNzzjVd6rdR:mk5EJz9wbUqc7BJAcMi+YNzzpd6rdR

Entry address:
0x1E6D5

Entry point:
E8, DF, 5E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, FC, 45, 00, 89, 0D, 94, FC, 45, 00, 89, 15, 90, FC, 45, 00, 89, 1D, 8C, FC, 45, 00, 89, 35, 88, FC, 45, 00, 89, 3D, 84, FC, 45, 00, 66, 8C, 15, B0, FC, 45, 00, 66, 8C, 0D, A4, FC, 45, 00, 66, 8C, 1D, 80, FC, 45, 00, 66, 8C, 05, 7C, FC, 45, 00, 66, 8C, 25, 78, FC, 45, 00, 66, 8C, 2D, 74, FC, 45, 00, 9C, 8F, 05, A8, FC, 45, 00, 8B, 45, 00, A3, 9C, FC, 45, 00, 8B, 45, 04, A3, A0, FC, 45, 00, 8D, 45, 08, A3, AC, FC, 45...
 
Entropy:
7.0024

Code size:
282 KB (288,768 bytes)
