2013-12-31_powerword.100.exe

Zhuhai Kingsoft Software Co.,Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from download.skycn.com.
Publisher:
Zhuhai Kingsoft Software Co.,Ltd  (signed and verified)

MD5:
ccbdf74de06f0cf7188a1546a73231e8

SHA-1:
14b9b4fb0b61f4d251e9627a328c5716034dbe74

SHA-256:
3bcff7ad80b4260554a58439377443a71bf9eb43cc87fe0297055fb3faf351ee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
8/21/2018 4:36:39 PM UTC  (today)

File size:
9 MB (9,390,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\2013-12-31_powerword.100.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/30/2012 12:00:00 PM

Valid to:
7/9/2015 11:59:59 AM

Subject:
CN="Zhuhai Kingsoft Software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Zhuhai Kingsoft Software Co.,Ltd", L=Zhuhai, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7BFD453A9507D02E0183A6C815679E5F

File PE Metadata
OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:7tkscnjDwlyWNssmz+QSRFuSinolQdP9Kive0IzGTPJscWx5F:7tksijuyyU+HRfed1Zv8GTutB

Entry address:
0x6927A

Entry point:
E8, 5E, EA, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, A4, 05, 4A, 00, 00, 74, 05, E9, BC, EA, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01...
 
[+]

Entropy:
7.9365  (probably packed)

Code size:
523.5 KB (536,064 bytes)

The file 2013-12-31_powerword.100.exe has been seen being distributed by the following URL.

Scan 2013-12-31_powerword.100.exe - Powered by Reason Core Security