xdtg.exe

游戏盒安装向导 (Game Box Setup Wizard)

Shanghai Youxun Information Technology Co.,Ltd.

This is a setup program (installer) for 游戏盒安装向导 (Game Box Setup Wizard), published by Shanghai Youxun Information Technology Co.,Ltd. The file has been seen being downloaded from 172.16.144.167 and multiple other hosts. Note that 172.16.144.167 is an RFC 1918 private address, so that host is a local cache or proxy rather than the origin; the distribution URLs listed further down show the content being served from cached copies of box64.yxdown.com.

Publisher:
Shanghai Youxun Information Technology Co.,Ltd.

Product:
游戏盒安装向导 (Game Box Setup Wizard)

Version:
1, 1, 8, 7

MD5:
d641da72446ce4bf508aa484cfda6619

SHA-1:
412dcd1d784c65618767a1a06fe6f73399b80683

SHA-256:
dea6f7fcec743e0ce81e6b731cfcbd8780faf665458a0422d33e971bf620698d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:28:26 AM UTC

File size:
7.4 MB (7,772,248 bytes)

Product version:
1, 1, 8, 7

Copyright:
Copyright (C) 2014-2015

Original file name:
anzer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\xdtg.exe
(This is the Internet Explorer download cache, consistent with the installer arriving as a browser download rather than being dropped by another program.)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
12/1/2015 1:53:37 AM

Valid to:
2/1/2017 1:53:37 AM

Subject:
CN="Shanghai Youxun Information Technology Co.,Ltd.", E=2880623729@qq.com, O="Shanghai Youxun Information Technology Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
5498B58151B66CFFDE0426C598505CC4

Note: the signing certificate expired on 2/1/2017. Whether Windows still treats the Authenticode signature as valid after that date depends on the signature carrying a trusted timestamp countersignature (not recorded on this page) and on the WoSign root still being present in the system's trusted root store. A valid signature only binds the file to the named publisher; it says nothing about what the installer does.

File PE Metadata
Compilation timestamp:
4/1/2016 3:15:35 AM

OS version (minimum required, from the PE optional header):
5.0 (Windows 2000)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0 (the link.exe shipped with Visual Studio 2008)

CTPH (ssdeep):
98304:dgtVb3B0VblZItvRe9Y63rzwPHPPz2slV/KfWmMQ1XFrb+xWlvl/4lsfn/z6wmh8:d0b3KbPItFPnicCFv+Ul54qPLn

Entry address (AddressOfEntryPoint, an RVA):
0x511FD

Entry point:
E8, E6, 90, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 40, 4A, 4A, 00, 75, 02, F3, C3, E9, 68, 91, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 2F, 21, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 6C, 14, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 0A, 21, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 26, 15, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00...

Reading the first bytes: E8 xx xx xx xx is a call rel32 and E9 xx xx xx xx a jmp rel32, the two-instruction start stub the Visual C++ CRT uses (call __security_init_cookie, then jump to the real CRT startup). Immediately after it, 3B 0D 40 4A 4A 00 / 75 02 / F3 C3 is the MSVC __security_check_cookie routine (cmp ecx, [__security_cookie]; jne; rep ret), and 8B FF 55 8B EC is the hot-patchable MSVC prologue (mov edi, edi; push ebp; mov ebp, esp). This is an ordinary Visual C++ entry point, not a packer stub.

Entropy:
7.9373  (probably packed)

Caveat on the packing heuristic: for a 7.4 MB installer whose code section is only 528.5 KB, whole-file entropy is dominated by the compressed payload archive the setup program carries, so this rule fires on almost any installer. The plain MSVC entry stub above argues against the code itself being packed; per-section entropy is the more useful indicator.

Code size:
528.5 KB (541,184 bytes)
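The hashes, entropy figure and PE header fields above are all derived directly from the file. The following script is an added example, not code from this page or from Reason Core Security, that reproduces those measurements offline with only the Python standard library: it hashes the input, computes Shannon entropy and applies a "probably packed" threshold (the 7.0 bits/byte cutoff is an assumption, scanners use similar values), and reads the compile timestamp, linker version, minimum OS version, subsystem, entry RVA and SizeOfCode straight from the COFF and optional headers. Because the real xdtg.exe is not available here, build_sample_pe32() constructs a headers-only PE32 image carrying the values this page reports, so the parser can be exercised without the file.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Subsystem values from the PE optional header (the subset that matters for triage).
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Assumed threshold: scanners commonly flag files above ~7.0 bits/byte as "probably packed".
PACKED_ENTROPY_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 as lowercase hex, the three identifiers the page lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields a reputation page reports.

    Offsets follow the PE/COFF specification; the optional-header fields used here
    sit at the same offsets in PE32 and PE32+ images.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": hex(machine),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, "unknown"),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
        "sections": nsections,
    }


def triage(data: bytes) -> dict:
    """Everything above in one report, plus the entropy-based packing heuristic."""
    entropy = shannon_entropy(data)
    report = {"size": len(data), "entropy": round(entropy, 4),
              "probably_packed": entropy > PACKED_ENTROPY_THRESHOLD}
    report.update(file_hashes(data))
    report.update(parse_pe_header(data))
    return report


def build_sample_pe32() -> bytes:
    """Constructed headers-only PE32 image (no sections; NOT the real xdtg.exe) that
    carries the header values reported on this page, so the parser runs offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew: PE header follows
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1459480535,   # i386, 2016-04-01 03:15:35 UTC
                       0, 0, 224, 0x0102)                  # opt-hdr size, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 541184)  # PE32, linker 9.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x511FD)                # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                  # Major/MinorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe32()
    for key, value in triage(data).items():
        print(f"{key:16} {value}")
```

Run it with the path to a real executable to get the same fields the page shows; with no argument it reports on the constructed sample. On a real installer, compare the whole-file entropy with the entropy of the .text section alone before concluding anything from "probably packed".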

The file xdtg.exe has been seen being distributed by the following URLs (the page records 21; the 20 captured below have their paths truncated as shown). Five of the hosts are RFC 1918 private addresses, i.e. local caching proxies, and most of the public hosts serve cached copies of box64.yxdown.com, which is the origin that appears in the path.

http://172.16.144.167:81/2Q2WFA4B0331BD28033CF86FF6BA3CA67A1A1C60070F_unknown_EFC984814FB6D75CFDE23FA37FEA802C2FE88B39_8/box64.yxdown.com/.../xdtg.exe

http://120.198.248.201/cache/box64.yxdown.com/.../xdtg.exe

http://183.207.95.61/cache/box64.yxdown.com/.../xdtg.exe

http://192.168.1.25/cache/3/01/yxdown.com/.../xdtg.exe

http://221.181.104.38/cache/box64.yxdown.com/.../xdtg.exe

http://10.200.200.222/files/20030000002A8271/box64.yxdown.com/.../xdtg.exe

http://111.63.135.75/files/3003000028AA3DDF/box64.yxdown.com/.../xdtg.exe

http://117.169.67.27:6510/box64.yxdown.com/.../xdtg.exe

http://111.1.50.69/files/4003000006258B79/box64.yxdown.com/.../xdtg.exe

http://183.91.33.45/box64.yxdown.com/.../xdtg.exe

http://172.16.100.10/files/4003000000E014BA/box64.yxdown.com/.../xdtg.exe

http://211.161.151.145/hotfiles/10030000073DCF72/211.161.151.147/files/A0030000073DCF72/box64.yxdown.com/.../xdtg.exe

http://111.7.131.14/cache/box64.yxdown.com/.../xdtg.exe

http://117.169.67.7/2a2/d1a3d/.../xdtg.exe

http://112.17.14.17/cache/box64.yxdown.com/.../xdtg.exe

http://111.7.136.11/cache/box64.yxdown.com/.../xdtg.exe

http://211.136.65.149/cache/box64.yxdown.com/.../xdtg.exe

http://101.106.238.9/files/4003000001954B1E/box64.yxdown.com/.../xdtg.exe

http://49.119.174.136:6610/box64.yxdown.com/.../xdtg.exe

http://10.100.99.99/files/4003000000C0DC62/box64.yxdown.com/.../xdtg.exe
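When a download list mixes private and public addresses, the useful triage step is to separate the local caching proxies from internet hosts, pull out the origin hostname that ISP caches embed in the path, and note non-standard ports. The script below is an added example, not code from this page or from Reason Core Security; it runs over the 20 URLs copied from the list above (paths left truncated exactly as the page shows them). Classifying an address as private uses ipaddress.is_private from the standard library; the origin-hostname regex is an assumption about how these cache paths are laid out and is applied only to the path, never the host.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The 20 download URLs recorded on this page, unchanged (the page itself truncates the paths).
URLS = [
    "http://172.16.144.167:81/2Q2WFA4B0331BD28033CF86FF6BA3CA67A1A1C60070F_unknown_EFC984814FB6D75CFDE23FA37FEA802C2FE88B39_8/box64.yxdown.com/.../xdtg.exe",
    "http://120.198.248.201/cache/box64.yxdown.com/.../xdtg.exe",
    "http://183.207.95.61/cache/box64.yxdown.com/.../xdtg.exe",
    "http://192.168.1.25/cache/3/01/yxdown.com/.../xdtg.exe",
    "http://221.181.104.38/cache/box64.yxdown.com/.../xdtg.exe",
    "http://10.200.200.222/files/20030000002A8271/box64.yxdown.com/.../xdtg.exe",
    "http://111.63.135.75/files/3003000028AA3DDF/box64.yxdown.com/.../xdtg.exe",
    "http://117.169.67.27:6510/box64.yxdown.com/.../xdtg.exe",
    "http://111.1.50.69/files/4003000006258B79/box64.yxdown.com/.../xdtg.exe",
    "http://183.91.33.45/box64.yxdown.com/.../xdtg.exe",
    "http://172.16.100.10/files/4003000000E014BA/box64.yxdown.com/.../xdtg.exe",
    "http://211.161.151.145/hotfiles/10030000073DCF72/211.161.151.147/files/A0030000073DCF72/box64.yxdown.com/.../xdtg.exe",
    "http://111.7.131.14/cache/box64.yxdown.com/.../xdtg.exe",
    "http://117.169.67.7/2a2/d1a3d/.../xdtg.exe",
    "http://112.17.14.17/cache/box64.yxdown.com/.../xdtg.exe",
    "http://111.7.136.11/cache/box64.yxdown.com/.../xdtg.exe",
    "http://211.136.65.149/cache/box64.yxdown.com/.../xdtg.exe",
    "http://101.106.238.9/files/4003000001954B1E/box64.yxdown.com/.../xdtg.exe",
    "http://49.119.174.136:6610/box64.yxdown.com/.../xdtg.exe",
    "http://10.100.99.99/files/4003000000C0DC62/box64.yxdown.com/.../xdtg.exe",
]

# Assumed layout: caches embed the origin as a path component like ".../box64.yxdown.com/...".
# Requires an alphabetic top-level label, so an embedded IPv4 address does not match.
ORIGIN_RE = re.compile(r"(?:^|/)((?:[a-z0-9-]+\.)+[a-z]{2,})/")


def classify(url: str) -> dict:
    """Split one URL into host, port, address scope and the origin hostname found in its path."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or 80
    try:
        scope = "private" if ipaddress.ip_address(host).is_private else "public"
    except ValueError:
        scope = "hostname"          # a DNS name rather than a literal address
    match = ORIGIN_RE.search(parts.path)
    return {"host": host, "port": port, "scope": scope,
            "origin": match.group(1) if match else None}


def summarize(urls) -> dict:
    """Aggregate the per-URL classification into the sets an analyst actually acts on."""
    rows = [classify(u) for u in urls]
    return {
        "private_hosts": sorted({r["host"] for r in rows if r["scope"] == "private"}),
        "public_hosts": sorted({r["host"] for r in rows if r["scope"] == "public"}),
        "origins": sorted({r["origin"] for r in rows if r["origin"]}),
        "nonstandard_ports": sorted({(r["host"], r["port"]) for r in rows if r["port"] != 80}),
        "no_origin_in_path": sorted({r["host"] for r in rows if r["origin"] is None}),
    }


if __name__ == "__main__":
    for key, value in summarize(URLS).items():
        print(f"{key}: {value}")
```

The private hosts are where the file was fetched from inside a network and are only meaningful to whoever operates that network; the public hosts and the recovered origins (box64.yxdown.com and yxdown.com) are what belongs in an indicator list, with the two high ports and the one URL that carries no origin in its path worth a second look.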

Scan xdtg.exe - Powered by Reason Core Security