xtzjyjcz_v2.0.0.0_setup.1435053285.exe

系统之家一键重装

系统之家工作室

The executable xtzjyjcz_v2.0.0.0_setup.1435053285.exe has been detected as malware by 5 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from dlsw.baidu.com.
Publisher:
系统之家工作室

Product:
系统之家一键重装

Version:
2.0.0.0

MD5:
9a86a1794c9a76e992db952f7027564e

SHA-1:
026e17ff4b61274b4f25d0bd6cb85d1eaf5a0827

SHA-256:
35f68d059cdf2f7675ebdc4502d67dd9f8d77dab55c38ca0a767c2d527331164

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/25/2024 8:26:54 AM UTC

Scan engine          Detection                 Engine version
Avira AntiVirus      TR/Agent.21153792         8.3.2.2
avast!               Win32:Malware-gen         2014.9-151129
IKARUS anti.virus    Trojan.Agent              t3scan.1.9.5.0
McAfee               Artemis!9A86A1794C9A      5600.6567
Quick Heal           HEUR.Trojan.g2            11.15.14.00

File size:
20.2 MB (21,153,792 bytes)

Product version:
2.0.0.0

Original file name:
WindowsZJ.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\xtzjyjcz_v2.0.0.0_setup.1435053285.exe

File PE Metadata
Compilation timestamp:
6/15/2015 7:02:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:7Gq/FQUDKks2+T3fLz/Jflf/zPW+lEfVzK6zcnjObgnYvPcRHLISWHlK472hXRjw:75+kXALrz1EfV/zcUpvURHLISWHlK47x

Entry address:
0x1F73C4

Entry point:
B8, E0, DF, 76, 02, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 6B, 80, 6E, 4D, FD, 47, 80, F0, EB, A7, A5, CB, 37, 2F, C1, 6D, 48, C9, 19, ED, 12, CF, 84, C0, 83, 77, 34, 39, 60, 0A, E0, E4, B0, 9E, BD, 4C, 5E, 4E, 06, 1B, DF, 6C, 42, AC, 58, 8E, 0D, 4A, CE, 17, C8, 03, FA, E2, E8, 4E, 25, D5, CC, 0D, 8C, EE, 07, 59, AE, 27, 15, 0D, 21, 5B, 04, AC, BE, 7F, D5, F5, 7B, DE, 58, 13, B7, 39, BA, 78, D9, CE, F7, 0E, 22, 3F, 82, F2, 31...

Entropy:
7.9976

Packer / compiler:
PECompact v2

Code size:
2 MB (2,056,192 bytes)

The file xtzjyjcz_v2.0.0.0_setup.1435053285.exe has been seen being distributed by the following URL.

Remove xtzjyjcz_v2.0.0.0_setup.1435053285.exe - Powered by Reason Core Security