如意全智能刷分3.9版本.exe

The executable 如意全智能刷分3.9版本.exe has been detected as malware by 7 anti-virus scanners. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.

Publisher:
Fuzhou TianxiaChuangshi Digital Co.,Ltd.

MD5:
0d9d6aa8f420a1421fa8fba79c54f5e6

SHA-1:
322f02b2963533859cea67034e14123c73ea8c57

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/19/2024 8:09:06 AM UTC

Scan engine          Detection                         Engine version
Agnitum Outpost      Trojan.KeyLogger                  7.1.1
avast!               Win32:Malware-gen                 2014.9-151101
Clam AntiVirus       Trojan.Agent-291773               0.98/21511
Dr.Web               Trojan.KeyLogger.23952            9.0.1.0305
McAfee               Artemis!0D9D6AA8F420              5600.6595
NANO AntiVirus       Trojan.Win32.KeyLogger.bskubm     0.30.26.3947
Zillya! Antivirus    Dropper.Small.Win32.4766          2.0.0.2445

File size:
2 MB (2,076,644 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\administrator\桌面\【bnb】如意全能刷分腳本 v3.9\如意全智能刷分3.9版本.exe

Digital Signature
Authority:
WoSign, Inc.

Valid from:
1/13/2010 8:00:00 AM

Valid to:
1/14/2011 7:59:59 AM

Subject:
CN="Fuzhou TianxiaChuangshi Digital Co.,Ltd.", OU=Class 3 - for Microsoft Authenticode Signing, O="Fuzhou TianxiaChuangshi Digital Co.,Ltd.", L=Fuzhou, S=Fujian, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
03B3E80789FEE6ABE93DD972817E53F8

File PE Metadata
Compilation timestamp:
3/19/2010 4:12:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:8mhV5tCe2eAuUf0ZeWfJkRukUC9yjpTDwF0RwOHgb8hpDO:8yV5Uu6f0Zea1gyjpTDbhVpDO

Entry address:
0x1FCEC

Entry point:
55, 8B, EC, 6A, FF, 68, F0, 5A, 4A, 00, 68, D4, FC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 3C, CD, 47, 00, 59, 83, 0D, D4, DE, 4E, 00, FF, 83, 0D, D8, DE, 4E, 00, FF, FF, 15, 40, CD, 47, 00, 8B, 0D, 0C, BF, 4E, 00, 89, 08, FF, 15, 44, CD, 47, 00, 8B, 0D, 08, BF, 4E, 00, 89, 08, A1, 48, CD, 47, 00, 8B, 00, A3, D0, DE, 4E, 00, E8, 22, 01, 00, 00, 39, 1D, 78, 80, 4E, 00, 75, 0C, 68, 7A, FE, 41, 00, FF, 15, 4C, CD...

Entropy:
5.8939

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
492 KB (503,808 bytes)

Remove 如意全智能刷分3.9版本.exe - Powered by Reason Core Security