720脚本加密工具.exe

Guangzhou WeiSi Software CO.,ltd

The executable 720脚本加密工具.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
Guangzhou WeiSi Software CO.,ltd  (signed and verified)

MD5:
39dfe7b68644c3b6ee48a3fc0d69f34d

SHA-1:
a1ff96f8bd8e5a7a83ee5212d87c2a96f6ca5526

SHA-256:
8f38fdcf89d70d7ce8066a8e18f88b528d88135a9d068d50980e8c18b058466b

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/23/2024 11:30:31 AM UTC

Scan engine             Detection                  Engine version
Bitdefender             Gen:Variant.Symmi.14935    1.0.20.225
Emsisoft Anti-Malware   Gen:Variant.Symmi.14935    8.14.02.14.11
F-Secure                Gen:Variant.Symmi.14935    11.2014-14-02_6
G Data                  Gen:Variant.Symmi.14935    14.2.24
IKARUS anti.virus       Win32.SuspectCrc           t3scan.2.2.29
MicroWorld eScan        Gen:Variant.Symmi.14935    15.0.0.135

File size:
129.5 KB (132,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\720\720脚本加密工具.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/12/2011 3:00:00 AM

Valid to:
12/12/2013 2:59:59 AM

Subject:
CN="Guangzhou WeiSi Software CO.,ltd", OU=Provided by TrustAsia, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou WeiSi Software CO.,ltd", L=Guangzhou, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
34A8542D8EF5B16826F5BC0C01A81DB3

File PE Metadata
Compilation timestamp:
11/15/2013 12:25:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:u84YeMQEt1aRnZF62ccGmHL/6vIRQRHSkPFU:f4KnaZZTcc164c99U

Entry address:
0x78A9

Entry point:
E8, 7A, 04, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 50, C2, 41, 00, 89, 0D, 4C, C2, 41, 00, 89, 15, 48, C2, 41, 00, 89, 1D, 44, C2, 41, 00, 89, 35, 40, C2, 41, 00, 89, 3D, 3C, C2, 41, 00, 66, 8C, 15, 68, C2, 41, 00, 66, 8C, 0D, 5C, C2, 41, 00, 66, 8C, 1D, 38, C2, 41, 00, 66, 8C, 05, 34, C2, 41, 00, 66, 8C, 25, 30, C2, 41, 00, 66, 8C, 2D, 2C, C2, 41, 00, 9C, 8F, 05, 60, C2, 41, 00, 8B, 45, 00, A3, 54, C2, 41, 00, 8B, 45, 04, A3, 58, C2, 41, 00, 8D, 45, 08, A3, 64, C2, 41...
Entropy:
7.4820

Code size:
27.5 KB (28,160 bytes)