byydsever.exe

GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.

The application byydsever.exe by GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD has been detected as a potentially unwanted program by 20 anti-malware scanners.
Publisher:
快速压缩便压程序  (signed by GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.)

Product:
快速压缩便压程序

Version:
1.0.0.6

MD5:
92e37ac5d8b35aec0c39fa9c4b74331f

SHA-1:
d53a19a38ca87c77fb0c62f83a1b9079bf4c9c88

SHA-256:
47bb276381deccd2df52050542a8fa575bd80f942aab6ae7896f17153977d60d

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:52:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.12960010 | 675 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Baidu Antivirus | PUA.Win32.WuJi | 4.0.3.1576 |
| Bitdefender | Trojan.Generic.12960010 | 1.0.20.455 |
| Dr.Web | DLOADER.Trojan | 9.0.1.091 |
| Emsisoft Anti-Malware | Trojan.Generic.12960010 | 8.15.04.01.05 |
| ESET NOD32 | Win32/WuJi (variant) | 9.10372 |
| Fortinet FortiGate | Riskware/WuJi | 4/1/2015 |
| F-Secure | Trojan.Generic.12960010 | 11.2015-01-04_4 |
| G Data | Trojan.Generic.12960010 | 15.4.25 |
| herdProtect | (fuzzy) | 2015.7.6.2 |
| K7 AntiVirus | Trojan | 13.202.15389 |
| McAfee | Artemis!92E37AC5D8B3 | 5600.6809 |
| MicroWorld eScan | Trojan.Generic.12960010 | 16.0.0.273 |
| NANO AntiVirus | Trojan.Win32.Wuji.dljfrf | 0.30.8.659 |
| Norman | Suspicious_Gen4.HRYEP | 11.20150401 |
| nProtect | Trojan.Generic.12960010 | 15.03.26.01 |
| Trend Micro House Call | TROJ_GEN.R0C1C0EB815 | 7.2.91 |
| Trend Micro | TROJ_GEN.R0C1C0EB815 | 10.465.01 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38790 |
File size:
687.6 KB (704,072 bytes)

Product version:
1.0.0.0820

Copyright:
2014年程序

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bianya2\201412152207\byydsever.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/14/2014 8:00:00 AM

Valid to:
4/15/2015 7:59:59 AM

Subject:
CN="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", O="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2BAC93FD3FE5B005036AD0D4C873C6E5

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4QytU8HuQJIiiKNSdAyCbL/CskFs7KPjsTxvbTe7siU/KUV+sxekXvfS:4QgpZiKNPD/kCDa7siU/KUwL3

Entry address:
0x21079B

Entry point:
68, B3, 21, 23, E5, E8, 89, 21, 00, 00, 3A, 24, BE, 20, 2A, 7C, 46, 28, B2, 3C, B6, F8, 62, CC, 54, 02, 76, DA, 37, CD, DF, EA, D1, A6, C4, 1C, 46, 36, A4, EF, A4, 55, F2, 4E, 37, 39, 52, AA, 5A, E0, 8E, 0D, 90, 02, 25, 32, 6B, A7, 91, 9F, 16, 5A, 90, C2, B6, 62, EC, 12, 7A, B6, AA, D8, 64, E2, 10, 22, 67, FC, D6, F4, EA, 1B, 1F, 3F, 99, 75, A1, E7, 2F, C8, 32, 7C, 20, 4D, 6A, 54, B1, 40, BC, E2, F4, 1C, 3E, D8, AE, 88, B4, E9, 99, 7D, E5, EB, 15, 21, 37, 93, A7, 13, 89, 9E, BC, B5, 47, 3D, D4, F7, 2C, 52...
 

Entropy:
7.8905  (probably packed)

Code size:
2.1 MB (2,171,392 bytes)
