wiskpru1.exe

BeiJing Baidu Netcom Science Technology Co., Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from scloud-dlsw.br.baidu.com.
Publisher:

MD5:
7e21c6adbb204b8b1a65156c87bd3662

SHA-1:
344c3315fafa78c9a2973c3b5adfa52affc9bb58

SHA-256:
b75cdd1d3fde7894f429527ba30bc3064e025bf24385635d56151d6116fc31bd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 6:27:32 AM UTC

File size:
9 MB (9,458,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wiskpru1.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/15/2015 8:00:00 AM

Valid to:
2/7/2018 7:59:59 AM

Subject:
CN="BeiJing Baidu Netcom Science Technology Co., Ltd", OU=" Engineering Excellence", O="BeiJing Baidu Netcom Science Technology Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1FD2D30E260FC289CFAF11518F2CD36F

File PE Metadata
Compilation timestamp:
7/7/2016 3:30:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Z4i1LIbnT0pFqt7D5DqLIK8lzzO9yk0LIU2bJms1d76ezLEpBKx3NgUxfvdKsYW:Z4AMH03gXzlP8iLFszdmeXEqZZv4sz

Entry address:
0x8D6AD5

Entry point:
9C, C7, 04, 24, 58, D0, 23, 0A, E8, 77, E5, FF, FF, 60, F5, 3B, 45, F0, 68, DD, 5E, 30, 3E, 9C, E9, EF, EC, 00, 00, C1, 52, 6D, E3, C0, FE, 5B, 05, A2, 6C, E9, B7, 21, FF, 80, E0, E7, 51, 26, 3E, 91, C7, 82, 2B, A0, 0F, 59, FB, 46, 4F, 50, E5, 87, 43, 58, 53, 0D, 4F, 42, E7, EA, 70, 76, F3, 27, DD, 7F, AC, 4A, F6, ED, F4, 39, 30, C4, 70, 14, 38, 5D, 39, EB, E6, 6C, 5F, FD, AE, AE, FD, 35, F4, 8F, 57, CA, 88, AA, 7F, DA, 98, 60, 31, A1, 9C, CD, BD, 54, 3D, D1, 02, 38, B0, B9, 7B, 2E, 3C, EC, DB, CF, B0, 48...
 

Entropy:
7.8071  (probably packed)

Code size:
511 KB (523,264 bytes)

The file wiskpru1.exe has been seen being distributed by the following URL.
