abcsafepop.exe

ABC SafePop

Agricultural Bank of China

It is set to execute automatically when any user logs into Windows, through the all-users Run registry setting, under the name ‘ABCBank’.
Publisher:
ABC (signed by Agricultural Bank of China)

Product:
ABC SafePop

Version:
1.0.16.1118

MD5:
02bc819020139ff0aee88084c397cf72

SHA-1:
1161f9f4b13fdc0036f82e8c7ee7bec5a6b4ddf3

SHA-256:
d7aa0fdd95325d86913d214feb486879d0107c0e022f24c842e47d63461c502d

Scanner detections:
2 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
1/4/2026 3:05:14 PM UTC

Scan engine    Detection               Engine version
ESET NOD32     Win32/Floxif.H virus    6.3.12010.0
F-Prot         W32/Floxif.B            4.6.5.141

File size:
330.9 KB (338,863 bytes)

Product version:
1.0.16.1118

Copyright:
ABC。保留所有权利。

Original file name:
FtsafePop.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\中国农业银行\中国农业银行网银助手\abcsafepop.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/29/2016 6:00:00 AM

Valid to:
5/30/2019 5:59:59 AM

Subject:
CN=Agricultural Bank of China, OU=Software dept, O=Agricultural Bank of China, L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
31B17697213CD33B6A0D8C6BDA8780DC

File PE Metadata
Compilation timestamp:
11/18/2016 5:05:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x6970

Entry point:
E9, 94, EB, FF, FF, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, C3, 40, 00, 89, 0D, E4, C3, 40, 00, 89, 15, E0, C3, 40, 00, 89, 1D, DC, C3, 40, 00, 89, 35, D8, C3, 40, 00, 89, 3D, D4, C3, 40, 00, 66, 8C, 15, 00, C4, 40, 00, 66, 8C, 0D, F4, C3, 40, 00, 66, 8C, 1D, D0, C3, 40, 00, 66, 8C, 05, CC, C3, 40, 00, 66, 8C, 25, C8, C3, 40, 00, 66, 8C, 2D, C4, C3, 40, 00, 9C, 8F, 05, F8, C3, 40, 00, 8B, 45, 00, A3, EC, C3, 40, 00, 8B, 45, 04, A3, F0, C3, 40, 00, 8D, 45, 08, A3, FC, C3, 40...
 

Entropy:
7.0050

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
27.5 KB (28,160 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ABCBank

Command:
C:\Program Files\中国农业银行\中国农业银行网银助手\abcsafepop.exe

