» chrmstp.exe
Overview
Analysis
File Details
Behaviors (1)

chrmstp.exe

TAOBAO (CHINA) SOFTWARE CO.,LTD.

File name:

chrmstp.exe

Publisher:

TAOBAO (CHINA) SOFTWARE CO.,LTD. (signed and verified)

MD5:

ca7b3df1674e1fa6d3fd706854a6af5c

SHA-1:

dd14ec26ca3a34d153dfbcb0585396b9e982ecbc

SHA-256:

d3350f8d2bc1117080861b2a8c8657991edd7d9936c70fc84fc1bd117b5358cb

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 7:15:57 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

File size:

1.2 MB (1,229,143 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ucbrowser\application\6.1.2015.1007\installer\chrmstp.exe

Digital Signature

Signed by:

TAOBAO (CHINA) SOFTWARE CO.,LTD.

Authority:

VeriSign, Inc.

Valid from:

6/15/2016 5:00:00 PM

Valid to:

7/14/2018 4:59:59 PM

Subject:

CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata

Compilation timestamp:

2/21/2017 12:25:23 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x9BE48

Entry point:

E9, 96, C8, FE, FF, E9, 80, FE, FF, FF, 55, 8B, EC, 5D, E9, E1, F9, FF, FF, CC, CC, CC, CC, CC, 53, 57, 33, FF, 8B, 44, 24, 10, 0B, C0, 7D, 14, 47, 8B, 54, 24, 0C, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 10, 89, 54, 24, 0C, 8B, 44, 24, 18, 0B, C0, 7D, 13, 8B, 54, 24, 14, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 18, 89, 54, 24, 14, 0B, C0, 75, 1B, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, 44, 24, 0C, F7, F1, 8B, C2, 33, D2, 4F, 79, 4E, EB, 53, 8B, D8, 8B, 4C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C... 
[+]

Entropy:

6.7828

Packer / compiler:

Xtreme-Protector v1.05

Code size:

761.5 KB (779,776 bytes)

InstalledComponents

Name:

UC Browser

Scan chrmstp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.