home

嫖厒轄栭.exe

Shanghai Dragon Habitat Network Information Technology Co., Ltd.

The application 嫖厒轄栭.exe by Shanghai Dragon Habitat Network Information Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ly_update  (signed by Shanghai Dragon Habitat Network Information Technology Co., Ltd.)

Product:
ly_update

Version:
1.00

MD5:
b9df0b9743716ba97ba3717a7c617519

SHA-1:
ff5908adc77470db276917952f341a703d482d23

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/24/2024 6:14:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.7.22

File size:
159.1 KB (162,968 bytes)

Product version:
1.00

Copyright:
ly_update

Trademarks:
ly_update

Original file name:
playIco.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\嫖厒轄栭.exe

Digital Signature
Signed by:
Shanghai Dragon Habitat Network Information Technology Co., Ltd.

Authority:
WoSign eCommerce Services Limited

Valid from:
8/28/2012 2:03:24 AM

Valid to:
8/30/2013 7:41:29 AM

Subject:
E=shxiaohei@vip.qq.com, CN="Shanghai Dragon Habitat Network Information Technology Co., Ltd.", O="Shanghai Dragon Habitat Network Information Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
060E3CD0F5C7EE

File PE Metadata
Compilation timestamp:
6/11/2013 6:12:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:bvysuaA/knQYxMDozuScFPf9Oatm/yy79OAEbW2qpv1RmHRX88u2mfbY9OA3MeBB:bvjPOq/YFPX9O2qpCHRXmAck+i

Entry address:
0x2574

Entry point:
68, 2C, 77, 40, 00, E8, EE, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 15, 24, 67, 2A, FE, 05, 57, 46, B4, D4, 4A, F5, 52, 72, 04, 78, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 54, 45, 53, 54, 49, 54, 00, 30, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 06, 00, 00, 00, 51, BD, E6, 16, D1, B6, 5F, 49, 98, 57, CA, AA, A8, 59, AA, B8, 01, 00, 00, 00, A0, 00, 00, 00, B0, 00, 00, 00, 01, 00, 00, 00...
 
[+]

Entropy:
5.9815

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
128 KB (131,072 bytes)

Remove 嫖厒轄栭.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.