» 99602[q].0402.10403200390_143036.exe
Overview
Analysis
File Details

99602[q].0402.10403200390_143036.exe

悠扬棋牌大厅安装程序

无锡新游网络科技有限公司

The application 99602[q].0402.10403200390_143036.exe by 无锡新游网络科技有限公司 has been detected as a potentially unwanted program by 20 anti-malware scanners.

File name:

Publisher:

免费赢奖品的棋牌游戏 (signed by 无锡新游网络科技有限公司)

Product:

悠扬棋牌大厅安装程序

Version:

1.0.0.1

MD5:

971c9693346260fb33dc9aa7b89a842f

SHA-1:

ebe7c84c8b8d7927089d7598f010890bd21555a6

SHA-256:

f39d3442aeedb6e61230418eb7e515e16d25051358c2af03bc01804c1c77c649

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

5/19/2024 9:06:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.657105

545

AhnLab V3 Security

PUP/Win32.Installer

2015.07.15

Avira AntiVirus

TR/Kazy.5792928

8.3.1.6

Arcabit

Trojan.Kazy.DA06D1

1.0.0.425

avast!

Win32:Malware-gen

2014.9-150808

AVG

Fat-Obfuscated

2016.0.3023

Bitdefender

Gen:Variant.Kazy.657105

1.0.20.1100

Bkav FE

HW32.Packed

1.3.0.6979

Comodo Security

UnclassifiedMalware

22766

Emsisoft Anti-Malware

Gen:Variant.Kazy.657105

8.15.08.08.12

F-Secure

Packed:W32/PeCan.A

11.2015-08-08_7

G Data

Gen:Variant.Kazy.657105

15.8.25

IKARUS anti.virus

Backdoor.Win32.Zegost

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.206.16567

McAfee

BackDoor-EXZ

5600.6679

MicroWorld eScan

Gen:Variant.Kazy.657105

16.0.0.660

Panda Antivirus

Trj/Genetic.gen

15.08.08.12

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R047C0PDD15

10.465.08

VIPRE Antivirus

Trojan.Win32.Generic

42020

File size:

5.5 MB (5,792,928 bytes)

Product version:

1.0.0.1

Original file name:

SkyGameInstaller.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\99602[q].0402.10403200390_143036.exe

Digital Signature

Signed by:

无锡新游网络科技有限公司

Authority:

WoSign CA Limited

Valid from:

12/16/2014 3:06:48 PM

Valid to:

12/16/2015 3:06:48 PM

Subject:

CN=无锡新游网络科技有限公司, O=无锡新游网络科技有限公司, L=无锡市, S=江苏省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

1E3131184EF0B55083F06689D6B96957

File PE Metadata

Compilation timestamp:

4/2/2015 4:06:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:r0WNiqm/G2+GF8K3HWCsolkeTTnIMjMPsM+08+fv9ezHbr3n+DN+m4XZ9yT:r8AVGGioEnfIP208+f1yHbLnYFKyT

Entry address:

0xB842F8

Entry point:

68, 05, 43, F8, 00, 68, 13, 43, F8, 00, C3, 33, 73, E9, 09, 00, 00, 00, 3A, BC, A0, AA, 99, 11, 8D, 5E, 4A, 60, E9, 02, 00, 00, 00, EB, 16, 54, E9, 02, 00, 00, 00, E0, D8, 68, 2F, 43, F8, 00, 68, CF, 4A, F8, 00, C3, 8C, E9, 09, 00, 00, 00, C9, A3, D5, 69, E1, D0, 2F, 00, 6F, C3, C2, 44, 68, 4D, 43, F8, 00, 68, 5B, 43, F8, 00, C3, 94, 32, 68, 5B, 43, F8, 00, C3, 50, 3A, 5B, 8F, 99, 34, 29, 2D, 58, 68, 77, 43, F8, 00, 68, 0B, 40, F8, 00, 68, 06, 40, F8, 00, 68, 03, 40, F8, 00, 68, 00, 40, F8, 00, C3, 79, 0F... 
[+]

Entropy:

7.9113 (probably packed)

Code size:

1.2 MB (1,266,176 bytes)

Remove 99602[q].0402.10403200390_143036.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.