xathu_v1.exe

Xạ Thủ

四三九九网络股份有限公司

Publisher:
四三九九网络股份有限公司

Product:
Xạ Thủ

Version:
3.0.0.1

MD5:
601453fe9cee0e97b05cbca4921c37b6

SHA-1:
b237c675dab2e49775c90f67a89510416da4a0c3

SHA-256:
c92da5a4a06fcf180a5050fd635f542892b1cf07730c58548028f74ede5718f1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 2:35:46 AM UTC

File size:
926.5 KB (948,776 bytes)

Product version:
3.0.0.1

Copyright:
四三九九网络股份有限公司 保留所有权利

Original file name:
Hxjyyn.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\xathu_v1.exe

File PE Metadata
Compilation timestamp:
9/14/2015 2:14:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:xKJV9AovwKFOKqDX5XAvr04RF0DR/uQDf3MX:xK3qo4KFi16rlRF0DgC0X

Entry address:
0x236CD

Entry point:
60, BF, D4, 48, 2F, 38, 0F, BC, C7, 05, D9, 8B, 75, 74, 02, ED, 8A, CF, 84, DF, C7, C3, 13, E4, CE, 87, FE, C1, 0F, AB, E8, F3, 0F, A5, E9, FF, C1, 51, 0F, AD, C6, 5A, C7, C3, BA, D2, EA, 7A, 8A, E2, 8D, 3A, D2, D7, 0F, A4, FE, 4B, 85, D8, 86, DF, 0F, C0, DD, 84, DF, 0F, B7, F1, FE, C9, 88, F1, 0F, C0, E9, 69, F0, C9, E3, 51, BA, E8, 20, 00, 00, 00, 2D, 35, 5F, DD, 1C, F7, D8, 0F, C0, E7, 0F, A3, D1, 88, E5, 0F, C1, F8, 83, E6, 00, 0F, BF, CF, 03, F0, F7, C6, 4D, 21, 6E, EB, 5F, 3D, 04, EE, 00, 00, 74, 04...
 

Entropy:
7.5904

Code size:
227 KB (232,448 bytes)

The file xathu_v1.exe has been seen being distributed by the following URL.
