youbo_c17.exe

刘诗诗

The application youbo_c17.exe, published by 刘诗诗, has been flagged as a potentially unwanted program by 23 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from www.baidu.com and from multiple other hosts.
Publisher:
刘诗诗  (signed and verified)

Description:
Youbo HD Film and TV installer

Version:
4.5.12.1129

MD5:
285a2219c14e1d62ed1ad6b36e67d015

SHA-1:
704036f86d7478eccaccae7fcb5d393a36b4b9de

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:03:19 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.Generic.923470 | 300
Agnitum Outpost | Trojan.DownLoader | 7.1.1
Avira AntiVirus | BDS/Rogue.1417392 | 8.3.2.4
Arcabit | Backdoor.Generic.DE174E | 1.0.0.637
AVG | Generic7 | 2017.0.2778
Baidu Antivirus | Adware.Win32.SBYinYing | 4.0.3.16410
Bitdefender | Backdoor.Generic.923470 | 1.0.20.505
Clam AntiVirus | Win.Trojan.Graftor-1905 | 0.98/21511
Comodo Security | ApplicUnwnt | 23817
Dr.Web | Trojan.DownLoader11.23578 | 9.0.1.0101
Emsisoft Anti-Malware | Backdoor.Generic.923470 | 8.16.04.10.01
ESET NOD32 | Win32/Adware.SBYinYing (variant) | 10.12758
F-Secure | Backdoor.Generic.923470 | 11.2016-10-04_1
G Data | Backdoor.Generic.923470 | 16.4.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.212.18175
McAfee | Artemis!285A2219C14E | 5600.6434
MicroWorld eScan | Backdoor.Generic.923470 | 17.0.0.303
NANO AntiVirus | Trojan.Win32.DarkKomet.dennwl | 1.0.10.5081
nProtect | Backdoor.Generic.923470 | 15.12.21.01
Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45948
Zillya! Antivirus | Downloader.Agent.Win32.221069 | 2.0.0.2573

File size:
1.4 MB (1,417,392 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\youbo_c17.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/11/2014 4:48:01 PM

Valid to:
6/11/2015 4:48:01 PM

Subject:
CN=刘诗诗, E=5011net@sina.com, L=常山县, S=浙江省, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
05767A56D82D3A4015513D7E7534F5F1

File PE Metadata
Compilation timestamp:
6/23/2014 8:25:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:o7wWzU9mW2uUrRLfVh/lqlRLKKiH+bsqImPCZZJjomDOZx1ZAi6hRbhji:o7FzU9ryNdhlEZKK31CZPjomwvZwji

Entry address:
0x2B0001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 00, 2B, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...

Entropy:
7.9779

Packer / compiler:
ASPack v2.12

Code size:
1.4 MB (1,482,240 bytes)

The file youbo_c17.exe has been observed being distributed from the following 2 URLs.
