home

ws0df362b0.dat

Yu Bao

The file ws0df362b0.dat by Yu Bao has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 113.171.224.245 and multiple other hosts.
Publisher:
Yu Bao  (signed and verified)

Version:
20151110204556

MD5:
0221332260491341aead9a663083e4ac

SHA-1:
5642122a7cc837d7dd21a9ce623f2ea9f3c31e7a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:00:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.YuBao (M)
16.1.6.0

File size:
1.4 MB (1,471,704 bytes)

Product version:
20151110204556

Copyright:
Copyright 2015 Rafotech. All rights reserved

Language:
English (United States)

Digital Signature
Signed by:
Yu Bao

Authority:
thawte, Inc.

Valid from:
10/20/2015 10:00:00 PM

Valid to:
10/20/2016 9:59:59 PM

Subject:
CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
17C6AE891D357C16ADC447794EA40FC5

The file ws0df362b0.dat has been seen being distributed by the following 5 URLs.

http://113.171.224.245/.../setup.exe

http://113.171.224.207/.../setup.exe

http://d2xvc2nqkduarq.cloudfront.net/.../setup.exe

http://113.171.224.167/.../setup.exe

http://winipoly.me/.../310714_a10.exe

Remove ws0df362b0.dat - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.