apo.exe

Shanghai Bo Yi Information Technology Co. Ltd.

The application apo.exe by Shanghai Bo Yi Information Technology Co. Ltd. has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:

MD5:
555a55638ea7e1a44affde571d4fbe96

SHA-1:
6bbc70ca7b3f50cce3f46b3807fe7517b2e4b3e3

SHA-256:
1e5385c8475cd84354769efbc8d2d9c0b7d972d48885af8039b6c3976c0b944f

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:53:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.NoobyProtect | 7.1.1 |
| Avira AntiVirus | TR/Spy.1941504.17 | 7.11.152.90 |
| AVG | Win32/Heur | 2015.0.3245 |
| Comodo Security | TrojWare.Win32.Amtar.KNB | 18405 |
| ESET NOD32 | Win32/Packed.NoobyProtect (variant) | 8.9878 |
| Fortinet FortiGate | PossibleThreat | 12/29/2014 |
| IKARUS anti.virus | Virus.Win32.Heur | t3scan.1.6.1.0 |
| Norman | Genetik.AD | 11.20141229 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141227 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29854 |

File size:
1.9 MB (1,941,352 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 8:00:00 AM

Valid to:
3/20/2015 7:59:59 AM

Subject:
CN=Shanghai Bo Yi Information Technology Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Bo Yi Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BDC743ADE918E2EC09F3A9FDD929776

File PE Metadata
Compilation timestamp:
5/25/2012 4:31:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
49152:HEYRr3SSDZJdT6Ud+RuJGV4QhUKzyGpgRhitmVDq/eCkn2y4d1q+gPqJ2S:txiaYVhTDeS

Entry address:
0x34F0503

Entry point:
E8, 1F, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4E, 65, 74, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 76, 32, 2E, 31, 2E, 36, 2E, 30, 00, 9C, 54, 66, 8F, 04, 24, 83, EC, 1C, EB, 9B, 8D, A8, B9, DB, DE, DE, 52, 66, F7, D5, 88, 74, 24, 01, 83, EC, 14, 8D, 2C, 3E, E9, 26, 05, 00, 00, D1, 59, C9, A8, 5B, DE, 1B, 72, 21, CD, 66, BD, 95, D0, 0F, CD, 8D, A8, 51, C1, 84, AC, EB, CF, 6D, ED, 7D, 04, F7, 14, 4F, A9, 1A, BA, 52, 00, 00, 00, 00, 9E, 3E, EB, 16, 72, 5E, 33, 89, 31, 6A, 20, BF, 2B, 50, AE, A9, 7D...
 

Entropy:
7.9508  (probably packed)
