youbo_e81.exe

The application youbo_e81.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from cnrdn.com and multiple other hosts.
Description:
Youbo (优播) HD Video installer

Version:
4.5.9.1126

MD5:
4347fded083a077aa2e5ccd0135529aa

SHA-1:
6e1500a5eea94eff85a3ec0331d201304a5a0592

SHA-256:
f4ef8adc41e0b2313187722456379537668923e0d457ca0fe99345fbc50de645

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 7:34:30 PM UTC

Scan engine             Detection                           Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.64068          385
Agnitum Outpost         PUA.Downloader                      7.1.1
Baidu Antivirus         Hacktool.Win32.Downloader           4.0.3.16116
Bitdefender             Gen:Variant.Strictor.64068          1.0.20.80
Dr.Web                  Trojan.DownLoader11.23578           9.0.1.016
Emsisoft Anti-Malware   Gen:Variant.Strictor.64068          8.16.01.16.05
F-Prot                  W32/A-b61623c6                      v6.4.7.1.166
F-Secure                Gen:Variant.Strictor.64068          11.2016-16-01_7
G Data                  Gen:Variant.Strictor.64068          16.1.24
IKARUS anti.virus       Win32.SuspectCrc                    t3scan.1.8.5.0
K7 AntiVirus            Riskware                            13.188.14496
Kaspersky               not-a-virus:Downloader.Win32.Agent  14.0.0.809
McAfee                  Artemis!4347FDED083A                5600.6519
MicroWorld eScan        Gen:Variant.Strictor.64068          17.0.0.48
NANO AntiVirus          Trojan.Win32.DarkKomet.dennwl       0.30.0.64448
Panda Antivirus         Trj/Chgt.D                          16.01.16.05
Qihoo 360 Security      Trojan.Generic                      1.0.0.1015
Quick Heal              Downloader.Agent.gc (Not a Virus)   1.16.14.00
Trend Micro House Call  TROJ_GEN.R02SC0EJL14                7.2.16
Trend Micro             TROJ_GEN.R02SC0EJL14                10.465.16
Vba32 AntiVirus         Backdoor.DarkKomet                  3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                36274
Zillya! Antivirus       Downloader.Agent.Win32.221069       2.0.0.2023

File size:
1.3 MB (1,412,608 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\youbo_e81.exe

File PE Metadata
Compilation timestamp:
6/23/2014 8:23:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:N7wWzU9mW2uUrRLfVD/lqlRLKKiH+bsqImPCZZJjomDOZx1ZAi6hRb1j:N7FzU9ryNdTlEZKK31CZPjomwvZEj

Entry address:
0x2B0001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 00, 2B, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...

Entropy:
7.9778

Packer / compiler:
ASPack v2.12

Code size:
1.4 MB (1,482,240 bytes)

The file youbo_e81.exe has been seen being distributed by the following 3 URLs.

http://cnrdn.com/peOE

Remove youbo_e81.exe - Powered by Reason Core Security