雷特字幕注册机.exe

Shanghai Bo Yi Information Technology Co. Ltd.

The executable 雷特字幕注册机.exe (“Safengine - Professional Software Protection Tool”) has been detected as malware by 9 anti-virus scanners.
Publisher:
Safengine  (signed by Shanghai Bo Yi Information Technology Co. Ltd.)

Product:
Safengine

Description:
Safengine - Professional Software Protection Tool

Version:
2.2.0.0

MD5:
7838757499b3157bee946a845b1be660

SHA-1:
36b2ebb8c981a3cb10af92e12c9f62b7c45bbf79

SHA-256:
f207714e6371ca61ad753806fea7027d455bffc345a06a73e81c6fba755e6793

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/27/2024 12:02:20 AM UTC  (today)

Scan engine | Detection | Engine version
AVG | Win32/Heur | 2017.0.2698
Comodo Security | TrojWare.Win32.Amtar.KNB | 19920
ESET NOD32 | Win32/Packed.NoobyProtect (variant) | 10.10628
Fortinet FortiGate | PossibleThreat | 6/29/2016
K7 AntiVirus | Trojan | 13.185.13813
McAfee | Artemis!7838757499B3 | 5600.6354
Norman | Genetik.AD | 11.20160629
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.16627
VIPRE Antivirus | Trojan.Win32.Generic | 34284

File size:
2.7 MB (2,872,096 bytes)

Product version:
2.2.0.0

Copyright:
2007 - 2013 Safengine

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ltwezmzcj_pj\小篆2.1注册机\雷特字幕注册机.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 8:00:00 AM

Valid to:
3/20/2015 7:59:59 AM

Subject:
CN=Shanghai Bo Yi Information Technology Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Bo Yi Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BDC743ADE918E2EC09F3A9FDD929776

File PE Metadata
Compilation timestamp:
7/15/2013 12:03:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:Qq0pbbjLpzCu2jphipuTdMc/xX3yvx4bQ:Q/pPx+VphO0b6x4bQ

Entry address:
0x32B5E6

Entry point:
E8, 1F, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4E, 65, 74, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 76, 32, 2E, 32, 2E, 30, 2E, 30, 00, EB, C4, 37, B4, 2A, 4D, BC, 54, 21, 60, A3, DA, 35, 81, 04, 24, 9B, 02, 00, 00, E8, E6, 74, E2, FF, 61, E9, C0, 55, FC, FF, 83, EC, 12, 83, EC, 06, E8, 80, 00, 00, 00, 26, A6, 34, 53, AE, 46, 57, BE, 89, 28, 4B, 89, 5C, 24, 12, 83, C4, 26, 66, 89, 2C, 24, F9, 83, C4, 00, 8D, 64, 24, 03, EB, D5, E1, 60, F6, 91, 60, 85, 19, 9D, 0D, 54, A7, 5B, 6C, 7F, 46, F1, 44, 72...
 

Entropy:
7.7878  (probably packed)
