xxzs_20151223200555191xxzs_3.7.0.0.exe

广州通摩信息技术有限公司

This is a setup program which is used to install the application. The file has been seen being downloaded from usdpdown.game.uodoo.com.
Publisher:
广州通摩信息技术有限公司  (signed and verified)

MD5:
56e57325bf451750cb1fd7f77d80caf1

SHA-1:
6906fac9664b98dd7bfa37fc122c18261d458406

SHA-256:
08cb414aad8feec000799359de74da716ed751045ce941604d8d6de5e8f90f2d

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 2:13:59 AM UTC

Scan engine          Detection                       Engine version
Agnitum Outpost      Trojan.DR.Injector              7.1.1
IKARUS anti.virus    Backdoor.Hupigon                t3scan.1.9.5.0
K7 AntiVirus         Riskware                        13.212.18233
McAfee               Artemis!23E6BD79215B            5600.6533
Vba32 AntiVirus      Trojan.KillAV                   3.12.26.4
Zillya! Antivirus    Dropper.Injector.Win32.67649    2.0.0.2580

File size:
30.2 MB (31,684,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xxzs_20151223200555191xxzs_3.7.0.0.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
12/14/2015 3:40:25 PM

Valid to:
2/14/2017 3:40:25 PM

Subject:
CN=广州通摩信息技术有限公司, O=广州通摩信息技术有限公司, L=广州市, S=广东省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4D5DBA56FF8375E32AF20390F6A93CDB

File PE Metadata
Compilation timestamp:
3/15/2010 2:27:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:PF4ULJaKyGRTOkNV4oUGH+z/dhhpCkh1WzGFT8:KmJ8o9UJh7CkfWzB

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...

Entropy:
7.9987  (probably packed)

Code size:
66 KB (67,584 bytes)

The file xxzs_20151223200555191xxzs_3.7.0.0.exe has been seen being distributed by the following URL.
