home

xmp.exe

迅雷影音

ShenZhen Thunder Networking Technologies Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘XMP’.
Publisher:
深圳市迅雷网络技术有限公司  (signed by ShenZhen Thunder Networking Technologies Ltd.)

Product:
迅雷影音

Version:
3, 1, 26, 4342

MD5:
921a33d9aae1855cd3dbda347997712c

SHA-1:
93c5c783efaa96e3ff682351165ef9931900e9b1

SHA-256:
3260fb15d56272a967f6cdeee50f9e00c89c1a6e4c151623827eae0c1e64a5ce

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:41:09 AM UTC  (today)

File size:
256.8 KB (262,952 bytes)

Product version:
3, 1, 26, 4342

Copyright:
Copyright (c) 2003-2014 深圳市迅雷网络技术有限公司

Trademarks:
Xunlei

Original file name:
xmp.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\public\thunder network\xmp5\v5.1.26.4342\program\xmp.exe

Digital Signature
Signed by:
ShenZhen Thunder Networking Technologies Ltd.

Authority:
VeriSign, Inc.

Valid from:
6/16/2015 8:00:00 AM

Valid to:
7/26/2018 7:59:59 AM

Subject:
CN=ShenZhen Thunder Networking Technologies Ltd., OU=Operate, O=ShenZhen Thunder Networking Technologies Ltd., L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22924899CDFCA0AB28CF2F91C8F2248B

File PE Metadata
Compilation timestamp:
10/26/2015 3:32:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1DE0D

Entry point:
E8, DC, 03, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, D4, C3, 42, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 70, CE, 43, 00, 89, 0D, 6C, CE, 43, 00, 89, 15, 68, CE, 43, 00, 89, 1D, 64, CE, 43, 00, 89, 35, 60, CE, 43, 00, 89, 3D, 5C, CE, 43, 00, 66, 8C, 15, 88, CE, 43, 00, 66, 8C, 0D, 7C, CE, 43, 00, 66, 8C, 1D, 58, CE, 43, 00, 66, 8C, 05, 54, CE, 43, 00, 66, 8C, 25, 50, CE, 43, 00, 66, 8C, 2D, 4C, CE, 43, 00, 9C, 8F, 05, 80, CE, 43, 00, 8B, 45, 00, A3, 74, CE, 43, 00, 8B, 45, 04, A3, 78, CE, 43, 00...
 
[+]

Entropy:
6.4797

Code size:
168.5 KB (172,544 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
XMP

Command:
"C:\users\public\thunde~1\xmp5\v5126~1.434\program\xmp.exe" \embedding \sstartfrom startup103


Scan xmp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.