WallpaperUpdate.exe

好桌道壁纸升级程序

Xiamen Yitianxia Network Technology Co., Ltd

Publisher:
http://bz.haozhuodao.com  (signed by Xiamen Yitianxia Network Technology Co., Ltd)

Product:
好桌道壁纸升级程序

Version:
2, 2, 0, 1

MD5:
4a5062780d451cfe7044426bc4201b57

SHA-1:
ba368664e424908167d4ea0dff79d9b9ce97f0f5

SHA-256:
6a5eb9f86e05b24b61c4265a8672a8e71cfe89675f6153ea2bc78da7498a26a3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:41:44 AM UTC  (today)

File size:
163.6 KB (167,512 bytes)

Product version:
2, 2, 0, 1

Copyright:
(C) 厦门易天下网络科技有限公司 版权所有

Original file name:
WallpaperUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\hzdwp\wallpaperupdate.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/15/2016 8:00:00 AM

Valid to:
3/16/2017 7:59:59 AM

Subject:
CN="Xiamen Yitianxia Network Technology Co., Ltd", OU=IT, O="Xiamen Yitianxia Network Technology Co., Ltd", L=Xiamen, S=Fujian, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
46D364D28EA89C86E8E7B5C8C2A94EB2

File PE Metadata
Compilation timestamp:
2/19/2016 5:57:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:cg7goJd7C6owbkbexVOtQnJ5siREqEt1zxOjhPDVjYcPb5gNWTwJLxxnOroij:97dn2+7OtQnTsVqEthxChPpjYeuqwJLC

Entry address:
0xC51C

Entry point:
E8, 97, 04, 00, 00, E9, 36, FD, FF, FF, 6A, 14, 68, 10, FC, 40, 00, E8, CE, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, DC, 04, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, C4, 01, 00, 00, C2, 10, 00, 6A, 0C, 68, 30, FC, 40, 00, E8, 70, 01, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 
[+]

Entropy:
7.1996

Code size:
50 KB (51,200 bytes)

The file WallpaperUpdate.exe has been seen being distributed by the following URL.

Scan WallpaperUpdate.exe - Powered by Reason Core Security