home

b37.exe

一点拼音输入法

Haining shengdun Network Information Technology Co., Ltd

The application b37.exe by Haining shengdun Network Information Technology Co. has been detected as a potentially unwanted program by 8 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
北京一点科技发展有限公司  (signed by Haining shengdun Network Information Technology Co., Ltd)

Product:
一点拼音输入法

Description:
一点拼音

Version:
1.0.5.2

MD5:
8362a73fb4d69bbad24fa5aed05f8040

SHA-1:
cd1ccde61089be1c12280a09eb408dd46d08fc38

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 12:01:36 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Midie
7.1.1

avast!
Win32:Malware-gen
2014.9-160531

AVG
Win32/DH{ZwkD?}
2017.0.2727

Bitdefender
Gen:Variant.Midie.4464
1.0.20.760

Emsisoft Anti-Malware
Gen:Variant.Midie.4464
8.16.05.31.02

G Data
Gen:Variant.Midie.4464
16.5.25

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

Zillya! Antivirus
Adware.BrowseFox.Win32.206945
2.0.0.2541

File size:
2.3 MB (2,426,208 bytes)

Product version:
1.0.5.7

Copyright:
北京一点科技发展有限公司。保留所有权利。

Original file name:
littlePY.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\b37.exe

Digital Signature
Signed by:
Haining shengdun Network Information Technology Co., Ltd

Authority:
VeriSign, Inc.

Valid from:
9/18/2013 8:00:00 AM

Valid to:
9/19/2014 7:59:59 AM

Subject:
CN="Haining shengdun Network Information Technology Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Haining shengdun Network Information Technology Co., Ltd", L=Haining, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4B68C169CDA2E9446DCD763BFA0A2D

File PE Metadata
Compilation timestamp:
11/22/2015 2:32:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:4rrHNEm0tG/lfKld9+sidvhNczcRCBR2AZiODLOgo/z0Dp3OVhBCHK5NDTj2tRTm:cHb0tGtfKldHiJhNqcRCBR2AZ/D6zGpM

Entry address:
0x110296

Entry point:
E8, 07, DF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 04, 03, 51, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, C4, 79, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
[+]

Entropy:
6.7492

Code size:
1.2 MB (1,266,688 bytes)

Remove b37.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.