» xxzs_20151223200555191xxzs_3.7.0.0.exe
Overview
Analysis
File Details
Downloads (1)

xxzs_20151223200555191xxzs_3.7.0.0.exe

广州通摩信息技术有限公司

This is a setup program which is used to install the application. The file has been seen being downloaded from usdpdown.game.uodoo.com.

File name:

Publisher:

广州通摩信息技术有限公司 (signed and verified)

MD5:

56e57325bf451750cb1fd7f77d80caf1

SHA-1:

6906fac9664b98dd7bfa37fc122c18261d458406

SHA-256:

08cb414aad8feec000799359de74da716ed751045ce941604d8d6de5e8f90f2d

Scanner detections:

6 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/24/2024 2:13:59 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.DR.Injector

7.1.1

IKARUS anti.virus

Backdoor.Hupigon

t3scan.1.9.5.0

K7 AntiVirus

Riskware

13.212.18233

McAfee

Artemis!23E6BD79215B

5600.6533

Vba32 AntiVirus

Trojan.KillAV

3.12.26.4

Zillya! Antivirus

Dropper.Injector.Win32.67649

2.0.0.2580

File size:

30.2 MB (31,684,216 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\xxzs_20151223200555191xxzs_3.7.0.0.exe

Digital Signature

Signed by:

广州通摩信息技术有限公司

Authority:

WoSign CA Limited

Valid from:

12/14/2015 3:40:25 PM

Valid to:

2/14/2017 3:40:25 PM

Subject:

CN=广州通摩信息技术有限公司, O=广州通摩信息技术有限公司, L=广州市, S=广东省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

4D5DBA56FF8375E32AF20390F6A93CDB

File PE Metadata

Compilation timestamp:

3/15/2010 2:27:50 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

786432:PF4ULJaKyGRTOkNV4oUGH+z/dhhpCkh1WzGFT8:KmJ8o9UJh7CkfWzB

Entry address:

0xA7B1

Entry point:

E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4... 
[+]

Entropy:

7.9987 (probably packed)

Code size:

66 KB (67,584 bytes)

The file xxzs_20151223200555191xxzs_3.7.0.0.exe has been seen being distributed by the following URL.

http://usdpdown.game.uodoo.com/.../xxzs_20151223200555191xxzs_3.7.0.0.exe

Scan xxzs_20151223200555191xxzs_3.7.0.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.