bind.exe

TODO: <产品名>

Jiajie Yin

The application bind.exe by Jiajie Yin has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
TODO: <公司名>  (signed by Jiajie Yin)

Product:
TODO: <产品名>

Description:
TODO: <文件说明>

Version:
1.0.0.1

MD5:
10e433092dfb3d511ac8f6d1a65abf53

SHA-1:
ca389053c6cc614d2e6ecf08337c56fbf95d4f71

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/27/2024 12:16:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.JiajieYin.E

Engine version:
14.7.27.14

File size:
303.7 KB (310,960 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
TODO: <原文件名>

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\baidu\bind.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/14/2014 12:46:39 PM

Valid to:
5/15/2015 12:46:39 PM

Subject:
CN=Jiajie Yin, E=cpa.baidu@gmail.com, L=桂林市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3F13D1662B5F2172EF525E77D131CC4E

File PE Metadata
Compilation timestamp:
4/24/2014 6:30:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:vHZt1wpOVlbUwS6lyDFCm2oSudIP3zdW6Knh0bEgJFgmOM8Nxou:vHVwpOVq8wIP3c6X4gngm983p

Entry address:
0x26C9C

Entry point:
E8, 27, 85, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, 98, 51, 44, 00, E8, 9E, 55, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, F0, 90, 44, 00, 77, 22, 6A, 04, E8, 0A, 87, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4C, 8F, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, AA, 55, 00, 00, C3, 6A, 04, E8, 07, 86, 00, 00, 59, C3, 55, 8B, 6C, 24, 08, 83, FD, E0, 0F, 87, 9F, 00, 00, 00, 53, 8B, 1D, DC, C0, 43, 00, 56, 57, 33, F6, 39, 35, C4, 8D, 44, 00, 8B, FD, 75, 18, E8, C0, 7A, 00...
Code size:
236 KB (241,664 bytes)
