boxnews.exe

Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BoxNews_592280’.

Publisher:
音乐FM  (signed by Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.)

Product:
音乐FM

Description:
音乐加速

Version:
1.0.0.0

MD5:
b3b9c1859e7237ad94a6285597f72d94

SHA-1:
bca210ac95f7176aa307d3cc2b081008d9f67c08

SHA-256:
23daecd47e1697e27af2c6d3d39517d0a039a6ac84e51539fd179e7ddd2f3d16

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/20/2024 12:54:56 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Malware.XPACK/RDM!5.1

Engine version:
23.00.65.14608

File size:
771.3 KB (789,816 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\musicplayer\592280\boxnews.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
6/2/2013 10:58:04 PM

Valid to:
7/6/2014 9:14:35 AM

Subject:
E=kefu@shengtaian.com, CN="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", O="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
039E5E3EE7A9AB

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6W1+/mNnVmy56cudJnu8OgTbNE9kIqSJkKOW/ugAgQw47oi1db2WnfcT:z1mmNn7565dJnuSX6JHoei1db2WfcT

Entry address:
0x126103

Entry point:
68, 63, 9D, 68, C5, E8, 6E, 36, 0B, 00, 00, 00, 4F, 6C, 65, 44, 72, 61, 77, 00, FF, 34, 24, 85, FF, 88, 2C, 24, E9, FB, 1E, 0B, 00, 52, 6C, 81, B0, DF, B8, 52, 9E, C0, 67, 0E, C0, A2, D9, 04, 56, AD, 56, 18, D1, FC, 96, 69, 03, 1A, 4F, 69, 85, 1C, B6, 6A, 7F, 16, AD, 7C, E7, BB, 63, E0, 52, BE, FD, E2, 29, E9, DB, DB, 5F, 9C, 7D, 76, 8E, 0C, 26, 67, 48, 41, 5A, 5C, 87, F2, A4, 8F, C4, 3A, 64, 56, B7, CE, 83, 34, 1D, 34, AE, 99, 29, C2, 59, C8, 65, 7E, F6, 34, 86, 6B, 9C, 1F, D8, 7E, 18, B2, CA, B6, CC, 27...

Entropy:
7.8988  (probably packed)

Code size:
1.9 MB (1,939,968 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BoxNews_592280

Command:
"C:\Program Files\musicplayer\592280\boxnews.exe" -mini


Scan boxnews.exe - Powered by Reason Core Security