csczgiokv9mv4cexxufpzwh4s46csczgiokv9mv4cexxufpzwh4s46_a10.exe

Yu Bao

The executable csczgiokv9mv4cexxufpzwh4s46csczgiokv9mv4cexxufpzwh4s46_a10.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Yu Bao (signed and verified)

Version:
201604051809

MD5:
7469fcceb56cca01377caf5e245e5f63

SHA-1:
7337b1e8fe18da4246cc8fd7ac475ce9289925d1

SHA-256:
7d180bd89d924caa2067f7aca321d36025c72fd9a0abe1ed6ab3bb96672637d1

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
10/31/2024 10:54:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.18.18

File size:
1.4 MB (1,463,280 bytes)

Product version:
201604051809

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\csczgiokv9mv4cexxufpzwh4s46\csczgiokv9mv4cexxufpzwh4s46csczgiokv9mv4cexxufpzwh4s46_a10.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/4/2016 9:00:00 PM

Valid to:
10/20/2016 9:59:59 PM

Subject:
CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
153E6AA18DC86E7EEFC0592564FE92B7

File PE Metadata
Compilation timestamp:
4/5/2016 7:24:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xB92A3

Entry point:
4D, 08, A1, 98, E3, 55, 00, 0F, B7, 04, 48, 83, E0, 08, 5D, C3, 6A, 00, FF, 75, 08, E8, D3, FD, FF, FF, 59, 59, 5D, C3, 55, 8B, EC, 83, 3D, 14, 6F, 56, 00, 00, 75, 11, 8B, 4D, 08, A1, 98, E3, 55, 00, 0F, B7, 04, 48, 83, E0, 01, 5D, C3, 6A, 00, FF, 75, 08, E8, FA, FD, FF, FF, 59, 59, 5D, C3, 55, 8B, EC, 83, 3D, 14, 6F, 56, 00, 00, 75, 13, 8B, 4D, 08, A1, 98, E3, 55, 00, 0F, B7, 04, 48, 25, 80, 00, 00, 00, 5D, C3, 6A, 00, FF, 75, 08, E8, 1F, FE, FF, FF, 59, 59, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF...

Code size:
1.1 MB (1,114,624 bytes)