cb64700f3313d1f20baafebd952cf47c.exe

Microsoft® Windows® Operating System

亚数信息科技(上海)有限公司

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The application cb64700f3313d1f20baafebd952cf47c.exe by 亚数信息科技(上海)有限公司 has been detected as a potentially unwanted program by 29 anti-malware scanners.

Publisher:
Microsoft Corporation  (signed by 亚数信息科技(上海)有限公司)

Product:
Microsoft® Windows® Operating System

Description:
AppLocale

Version:
1.3.3.31

MD5:
cb64700f3313d1f20baafebd952cf47c

SHA-1:
3a643db16539602272b754c4dbeb7b0b62ef5075

SHA-256:
76223d618393daadf8f3680cf7f1c8d8737a933407cd33f4c813215e0888d8a2

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 9:08:45 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.13198985 | 536 |
| Agnitum Outpost | Trojan.DownLoader | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.07.23 |
| Avira AntiVirus | BDS/Agent.61440.20 | 8.3.1.6 |
| Arcabit | Trojan.Generic.DC96689 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150817 |
| AVG | BackDoor.Generic16.AVYC.dropper | 2016.0.3014 |
| Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.15817 |
| Bitdefender | Dropped:Trojan.Generic.13198985 | 1.0.20.1145 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Trojan.DownLoader7.55072 | 9.0.1.0229 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.13198985 | 8.15.08.17.11 |
| ESET NOD32 | Generik.KEVNYEW (variant) | 9.11984 |
| Fortinet FortiGate | W32/Generic.GSS!tr | 8/17/2015 |
| F-Secure | Dropped:Trojan.Generic.13198985 | 11.2015-17-08_2 |
| G Data | Dropped:Trojan.Generic.13198985 | 15.8.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.207.16656 |
| Kaspersky | HEUR:Backdoor.Win32.Generic | 14.0.0.1565 |
| McAfee | RDN/Generic BackDoor!bdk | 5600.6670 |
| Microsoft Security Essentials | Trojan:Win32/Skeeyah.A!rfn | 1.1.11903.0 |
| MicroWorld eScan | Dropped:Trojan.Generic.13198985 | 16.0.0.687 |
| NANO AntiVirus | Trojan.Win32.Agent.dsogic | 0.30.24.2668 |
| Panda Antivirus | Generic Suspicious | 15.08.17.11 |
| Qihoo 360 Security | HEUR/QVM07.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Skeeyah.r4 | 8.15.14.00 |
| Sophos | Troj/Mdrop-GSS | 4.98 |
| Trend Micro | TROJ_GEN.R03BC0OF515 | 10.465.17 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42254 |

File size:
57.6 KB (58,968 bytes)

Product version:
1.3.3.31

Copyright:
© Microsoft Corporation. All rights reserved.

Trademarks:
© Microsoft Corporation. All rights reserved.

Original file name:
AppLocale.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
TrustAsia Technologies, Inc.

Valid from:
5/19/2013 6:54:00 PM

Valid to:
5/19/2015 6:54:00 PM

Subject:
CN=亚洲诚信代码签名测试证书, O=亚数信息科技(上海)有限公司, L=上海市, S=上海市, C=CN

Issuer:
CN=TrustAsia Code Signing CA, O="TrustAsia Technologies, Inc.", C=CN

Serial number:
07

File PE Metadata
Compilation timestamp:
10/4/2011 3:27:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:UUovhyT3vhm1dXDQl8jcr/YRCRnzd2fsvmAmZepRU0f+rwXyG0yaZfc2vAewDEan:UUZFm1wQRCRR2fZTzZroxIZU8JaWf+1

Entry address:
0x2D8C

Entry point:
55, 8B, EC, 6A, FF, 68, 88, 37, 40, 00, 68, 40, 2D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, B8, 30, 40, 00, 59, 83, 0D, 88, BE, 40, 00, FF, 83, 0D, 8C, BE, 40, 00, FF, FF, 15, BC, 30, 40, 00, 8B, 0D, 84, BE, 40, 00, 89, 08, FF, 15, C0, 30, 40, 00, 8B, 0D, 80, BE, 40, 00, 89, 08, A1, C4, 30, 40, 00, 8B, 00, A3, 90, BE, 40, 00, E8, 36, 01, 00, 00, 39, 1D, C0, B2, 40, 00, 75, 0C, 68, 30, 2F, 40, 00, FF, 15...

Entropy:
4.7814

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
8 KB (8,192 bytes)
