31ec9bf4dc61158da7f8c16ded8a868b

Qt4

Shenzhen Weiaipu Information Technology Co., Ltd.

This is installed with 3uTools. The file has been seen being downloaded from 220.243.228.93 and multiple other hosts.
Publisher:
Nokia Corporation and/or its subsidiary(-ies)  (signed by Shenzhen Weiaipu Information Technology Co., Ltd.)

Product:
Qt4

Description:
C++ application development framework.

Version:
4.9.2.0

MD5:
31ec9bf4dc61158da7f8c16ded8a868b

SHA-1:
070e306688d6573537def994aa7583ab720a17b4

SHA-256:
184c57d9122f0a016ed9a5e0e7937fb9d8e6ca04710c3d86dba75f167a0dfbc3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/20/2024 11:29:36 PM UTC

File size:
12.5 MB (13,116,784 bytes)

Copyright:
Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies).

Original file name:
QtWebKit4.dll

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\31ec9bf4dc61158da7f8c16ded8a868b

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/27/2015 8:40:00 AM

Valid to:
10/27/2016 9:40:00 AM

Subject:
CN="Shenzhen Weiaipu Information Technology Co., Ltd.", O="Shenzhen Weiaipu Information Technology Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BF567E7ECFBF9C01390F0CC8231DDC82

File PE Metadata
Compilation timestamp:
5/5/2012 1:36:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:2uYs3Yi8Fn7B2+D1a3mSLMwH58YUuGRwZizWZpibUK6FlNNN7wILO3h2LDyqx2e2:2+Hg2rMwZ8YUZR2iup8F0tLyhSyqx4t

Entry address:
0x81A066

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 32, 09, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, FF, 25, 70, 82, 8A, 10, FF, 25, 6C, 82, 8A, 10, FF, 25, 68, 82, 8A, 10, FF, 25, 64, 82, 8A, 10, FF, 25, 60, 82, 8A, 10, 6A, 10, 68, E8, B0, B6, 10, E8, 7C, 06, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF...
 

Code size:
8.7 MB (9,072,128 bytes)

The file 31ec9bf4dc61158da7f8c16ded8a868b has been discovered within the following programs.

3uTools  by ShenZhen Waip Infomation Technology Co., Ltd.
www.i4.cn
About 6% of users remove it
 

The file 31ec9bf4dc61158da7f8c16ded8a868b has been seen being distributed by the following 5 URLs.

http://220.243.228.93/d.updater.3u.com/3utools/3utools/.../31EC9BF4DC61158DA7F8C16DED8A868B.dll?wsiphost=local

http://180.180.248.173/d.updater.3u.com/3utools/3utools/.../31EC9BF4DC61158DA7F8C16DED8A868B.dll

http://58.26.7.195/d.updater.3u.com/3utools/3utools/.../31EC9BF4DC61158DA7F8C16DED8A868B.dll

http://180.180.248.173/d.updater.3u.com/3utools/3utools/.../31EC9BF4DC61158DA7F8C16DED8A868B.dll?wsiphost=ipdb
