home

魔法桌面美化升级工具.exe

魔法桌面美化升级程序

BOENSI S&T Development Co., Ltd.

Publisher:
魔法桌面(北京)软件有限公司  (signed by BOENSI S&T Development Co., Ltd.)

Product:
魔法桌面美化升级程序

Version:
1.0.0.1

MD5:
9a65e0b2df81974ca867908a10ed2436

SHA-1:
5a6bcbca2758cc81a93503187ae3824f9d9afaca

SHA-256:
83a005e3c756803c8a1d06484b6e9bf3caaccb81f9ddaba1527e538825ebb347

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 2:37:34 AM UTC  (today)

File size:
4.6 MB (4,802,888 bytes)

Product version:
1.0.0.1

Copyright:
魔法桌面(北京)软件有限公司. All rights reserved.

Original file name:
MoFaUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\魔法桌面美化升级工具.exe

Digital Signature
Signed by:
BOENSI S&T Development Co., Ltd.

Authority:
WoSign, Inc.

Valid from:
2/16/2011 8:00:00 AM

Valid to:
2/17/2012 7:59:59 AM

Subject:
CN="Magic Desktop S&T Development Co., Ltd.", OU=WoSign Class 3 Code Signing, O="BOENSI S&T Development Co., Ltd.", L=Tianjin, S=Tianjin, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
00E8E82F4DD3B9EDB9F5DE24677373B2A1

File PE Metadata
Compilation timestamp:
2/9/2012 6:26:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:AyF1E+Yc7VFFgMbw5fDXKkfGasGVrlKsU1Qb209q1yf8oSv8:AyF6c7VFqaSKkRpZey2aR8oSk

Entry address:
0x230AF

Entry point:
E8, 81, 5B, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, A0, C5, 4F, 00, 75, 02, F3, C3, E9, 01, 5C, 00, 00, 51, 53, 55, 56, 57, FF, 35, A8, 32, 50, 00, E8, 32, 55, 00, 00, FF, 35, A4, 32, 50, 00, 8B, F0, 89, 74, 24, 18, E8, 21, 55, 00, 00, 8B, F8, 3B, FE, 59, 59, 0F, 82, 84, 00, 00, 00, 8B, DF, 2B, DE, 8D, 6B, 04, 83, FD, 04, 72, 78, 56, E8, 63, 3A, 00, 00, 8B, F0, 3B, F5, 59, 73, 4A, B8, 00, 08, 00, 00, 3B, F0, 73, 02, 8B, C6, 03, C6, 3B, C6, 72, 10, 50, FF, 74, 24, 14, E8, 2C, 5D, 00, 00, 85, C0, 59, 59, 75, 17...
 
[+]

Entropy:
7.8478  (probably packed)

Code size:
832 KB (851,968 bytes)

Scan 魔法桌面美化升级工具.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.