home

cf自雷v2.2.exe

QMacro

fuzhou tian xia chuang shi digital Co.,Ltd

The executable cf自雷v2.2.exe, “QMacro's macro runner.” has been detected as malware by 11 anti-virus scanners. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes.
Publisher:
vrBrothers Corporation.   (signed by fuzhou tian xia chuang shi digital Co.,Ltd)

Product:
QMacro

Description:
QMacro's macro runner.

Version:
9, 5, 0, 11632

MD5:
5b2d6e29d7e2e2b664ad3c7697eca4c0

SHA-1:
5820731abd04c3534469fe1d8a6bbce8a5bd7a84

SHA-256:
928df3aa8007c6b0d695a04d8eb73d66efab88b644e292f710198baac7bd82f4

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/25/2024 10:03:31 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.KeyLogger
7.1.1

Avira AntiVirus
TR/Agent.5470741
8.3.1.6

avast!
Win32:Malware-gen
2014.9-150607

AVG
Generic31
2016.0.3085

Dr.Web
Trojan.KeyLogger.24093
9.0.1.0158

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.9.0

K7 AntiVirus
Riskware
13.203.15929

McAfee
Artemis!5B2D6E29D7E2
5600.6741

Norman
TrojanDropper.H
11.20150607

Trend Micro House Call
TROJ_GEN.R03EC0OE415
7.2.158

Trend Micro
TROJ_GEN.R03EC0OE415
10.465.07

File size:
5.2 MB (5,470,741 bytes)

Product version:
9, 5, 0, 11632

Copyright:
(C) vrBrothers Corporation. All rights reserved.

Original file name:
mymacro.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\ProgramData\cf自雷v2.2.exe

Digital Signature
Signed by:
fuzhou tian xia chuang shi digital Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
4/12/2011 2:00:00 AM

Valid to:
4/12/2013 1:59:59 AM

Subject:
CN="fuzhou tian xia chuang shi digital Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="fuzhou tian xia chuang shi digital Co.,Ltd", L=fuzhou, S=fujian, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
209E746C15A85E547AFAF6A4C3277C81

File PE Metadata
Compilation timestamp:
11/16/2012 3:13:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:8JOf0Z9K8toGjAMzCPTD+Kcz1UHts1PUyl+fG3FwUHFuH4Kyrf2HEvl4:8aSz1YsTHVwe4H4p6Qm

Entry address:
0x2FB7C5

Entry point:
68, 24, 0F, B2, 0E, E8, 12, 02, 01, 00, 0A, 9F, 53, 8F, 21, 64, 33, 87, 3B, AF, 73, 1F, 23, BF, 63, 9B, 1B, A3, FA, FD, CE, E6, 74, B9, 75, C0, 32, C1, E8, 98, 79, C6, 01, 4C, 14, EB, D2, 39, 74, D1, 7D, C2, 68, E1, 85, 82, 06, 82, B0, 53, 86, 9E, 5E, 8C, 13, 16, DE, 81, 5A, C8, E3, 3B, 81, C2, 42, DA, 38, 6B, CB, 0B, D6, 23, ED, AA, 5E, 8A, 64, 23, 9F, 0B, 97, 33, B7, 0B, 87, BF, 87, 1D, B5, 30, C1, 1C, EE, 31, 94, 58, 90, 7F, 1D, 67, 47, FF, 34, FC, 46, EA, 46, B0, 9C, F1, F4, 13, D2, 99, E1, 24, 0A, 52...
 
[+]

Entropy:
7.1086

Code size:
3 MB (3,194,880 bytes)

Remove cf自雷v2.2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.