checkmalicious.exe

木马专杀 (Trojan Removal Tool)

Shanghai Giant Network Technology Co., Ltd.

Publisher:
上海巨人网络科技有限公司  (signed by Shanghai Giant Network Technology Co., Ltd.)

Product:
木马专杀 (Trojan Removal Tool)

Version:
1,0,2,217

MD5:
282b2e2676d0b74d21d1b6ecfbe38101

SHA-1:
aa41c1fec039e80b1fa9ddb3538c79e3c7c1f60e

SHA-256:
97eddd9dc7e1159bab5ce9ae7537f4d11e48b6838735669e84bc82253604086c

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 9:22:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | PUA.Packed.Themida-2 | 0.98/18155 |
| K7 AntiVirus | Trojan | 13.115720 |
| Rising Antivirus | Suspicious | 23.00.65.16126 |

File size:
1.9 MB (1,957,064 bytes)

Product version:
1,0,2,217

Copyright:
上海巨人网络科技有限公司。保留所有权利(C)。 (Shanghai Giant Network Technology Co., Ltd. All rights reserved.)

Original file name:
checkmalicious.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\chinhdocmtt\data\checkmalicious.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/12/2010 7:00:00 AM

Valid to:
1/12/2013 6:59:59 AM

Subject:
CN="Shanghai Giant Network Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai Giant Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
66381371086FA9E44FCE46BC758057FB

File PE Metadata
Compilation timestamp:
3/18/2009 9:20:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:hPwsxsehvd2HfvNoq+vRZcerhvRri0JEQvx:hPwsxsCcfv3+ZThvRe2

Entry address:
0x208014

Entry point:
B8, 00, 00, 00, 00, 60, 0B, C0, 74, 68, E8, 00, 00, 00, 00, 58, 05, 53, 00, 00, 00, 80, 38, E9, 75, 13, 61, EB, 45, DB, 2D, 37, 80, 60, 00, FF, FF, FF, FF, FF, FF, FF, FF, 3D, 40, E8, 00, 00, 00, 00, 58, 25, 00, F0, FF, FF, 33, FF, 66, BB, 19, 5A, 66, 83, C3, 34, 66, 39, 18, 75, 12, 0F, B7, 50, 3C, 03, D0, BB, E9, 44, 00, 00, 83, C3, 67, 39, 1A, 74, 07, 2D, 00, 10, 00, 00, EB, DA, 8B, F8, B8, D0, 49, 28, 00, 03, C7, B9, 6D, 82, 20, 00, 03, CF, EB, 0A, B8, D0, 49, 68, 00, B9, 6D, 82, 60, 00, 50, 51, E8, 87...
 

Packer / compiler:
Themida/WinLicense V1.8.0.2 +

Code size:
824 KB (843,776 bytes)

Scan checkmalicious.exe - Powered by Reason Core Security