boot1.exe

Beijing Jiangmin New Sci.&Tec. Co. Ltd.

The executable boot1.exe has been detected as malware by 4 anti-virus scanners.
Publisher:
ChicKen (signed by Beijing Jiangmin New Sci.&Tec. Co. Ltd.)

Product:
ChicKen

Version:
11, 0, 0, 0

MD5:
5cacb0199139fde9c32f4f50119bbc2d

SHA-1:
07033243d76d8551b28d71f495a95c7848f3eab1

SHA-256:
64f94baaa49eeb913e3e7501f2613ee972e1524a933db301dad84d2d994b9c58

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/24/2024 1:02:16 PM UTC

Scan engine                   | Detection                                  | Engine version
avast!                        | Win32:Malware-gen                          | 160118-1
ESET NOD32                    | Win32/TrojanDownloader.Agent.BWG trojan    | 7.0.302.0
McAfee                        | Trojan.Trojan-FFHA!5CACB0199139            | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined                           | 1.213.5231.0

File size:
33.3 KB (34,116 bytes)

Product version:
11, 0, 0, 0

Copyright:
版权所有(C) 2015

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Windows\System32\boot1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/14/2007 12:00:00 AM

Valid to:
7/12/2010 11:59:59 PM

Subject:
CN=Beijing Jiangmin New Sci.&Tec. Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing Jiangmin New Sci.&Tec. Co. Ltd., S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0AF99D85F0A11EFF984DCA484E2899A4

File PE Metadata
Compilation timestamp:
11/3/2015 9:33:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:o4Eiu1Wl9RjNubojG3rB0QnhN1w+EQ6bSDp3ysMYJLWSQibSckY:L9RjNun3lLhzzEjbSDJykLbbL7

Entry address:
0x2DD2

Entry point:
55, 8B, EC, 6A, FF, 68, B0, 47, 40, 00, 68, 30, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E4, 41, 40, 00, 59, 83, 0D, 38, 56, 40, 00, FF, 83, 0D, 3C, 56, 40, 00, FF, FF, 15, E0, 41, 40, 00, 8B, 0D, 30, 56, 40, 00, 89, 08, FF, 15, DC, 41, 40, 00, 8B, 0D, 2C, 56, 40, 00, 89, 08, A1, D8, 41, 40, 00, 8B, 00, A3, 34, 56, 40, 00, E8, 68, E7, FF, FF, 39, 1D, 48, 54, 40, 00, 75, 0C, 68, 66, 2F, 40, 00, FF, 15, D4, 41...

Entropy:
4.8755

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)
