» WallpaperUpdate.exe
Overview
Analysis
File Details
Downloads (1)

WallpaperUpdate.exe

好桌道壁纸升级程序

Xiamen Yitianxia Network Technology Co., Ltd

File name:

WallpaperUpdate.exe

Publisher:

http://bz.haozhuodao.com (signed by Xiamen Yitianxia Network Technology Co., Ltd)

Product:

好桌道壁纸升级程序

Version:

2, 2, 0, 1

MD5:

4a5062780d451cfe7044426bc4201b57

SHA-1:

ba368664e424908167d4ea0dff79d9b9ce97f0f5

SHA-256:

6a5eb9f86e05b24b61c4265a8672a8e71cfe89675f6153ea2bc78da7498a26a3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 2:54:47 AM UTC (today)

File size:

163.6 KB (167,512 bytes)

Product version:

2, 2, 0, 1

Original file name:

WallpaperUpdate.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\hzdwp\wallpaperupdate.exe

Digital Signature

Signed by:

Xiamen Yitianxia Network Technology Co., Ltd

Authority:

Symantec Corporation

Valid from:

1/15/2016 8:00:00 AM

Valid to:

3/16/2017 7:59:59 AM

Subject:

CN="Xiamen Yitianxia Network Technology Co., Ltd", OU=IT, O="Xiamen Yitianxia Network Technology Co., Ltd", L=Xiamen, S=Fujian, C=CN

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

46D364D28EA89C86E8E7B5C8C2A94EB2

File PE Metadata

Compilation timestamp:

2/19/2016 5:57:50 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:cg7goJd7C6owbkbexVOtQnJ5siREqEt1zxOjhPDVjYcPb5gNWTwJLxxnOroij:97dn2+7OtQnTsVqEthxChPpjYeuqwJLC

Entry address:

0xC51C

Entry point:

E8, 97, 04, 00, 00, E9, 36, FD, FF, FF, 6A, 14, 68, 10, FC, 40, 00, E8, CE, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, DC, 04, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, C4, 01, 00, 00, C2, 10, 00, 6A, 0C, 68, 30, FC, 40, 00, E8, 70, 01, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45... 
[+]

Entropy:

7.1996

Code size:

50 KB (51,200 bytes)

The file WallpaperUpdate.exe has been seen being distributed by the following URL.

http://update.bizhi.haozhuodao.com/WallpaperUpdate.exe

Scan WallpaperUpdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.