» d107929ab8c6a91646a03fa4a8197b0b.exe
Overview
Analysis
File Details
Behaviors (1)

d107929ab8c6a91646a03fa4a8197b0b.exe

Shenzhen Enode Technology Co., Ltd.

This is a setup and installation application.

File name:

Publisher:

XCube (signed by Shenzhen Enode Technology Co., Ltd.)

Product:

XCube

Description:

XCube's Install Program

Version:

1.6.0.878

MD5:

91c64dad770c31a0c61b319211764ed4

SHA-1:

a14e97f58dd0f499b31a0060e134821fb00d0359

Scanner detections:

4 / 68

Status:

Clean (4 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 1:30:45 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

2014.9-160208

ESET NOD32

Detection.Undefined

10.7.0.302.0

Microsoft Security Essentials

Threat.Undefined

1.213.5577.0

VIPRE Antivirus

Threat.4721115

46960

File size:

3.2 MB (3,342,288 bytes)

Product version:

1.6.0.878

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\d107929ab8c6a91646a03fa4a8197b0b.exe

Digital Signature

Signed by:

Shenzhen Enode Technology Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

4/1/2013 2:00:00 AM

Valid to:

4/1/2016 1:59:59 AM

Subject:

CN="Shenzhen Enode Technology Co., Ltd.", OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Enode Technology Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

60F6AD6D09199C81989F5CD146FBBF4F

File PE Metadata

Compilation timestamp:

12/25/2013 7:01:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:zUYf/Bmg6m3Epe7y5qwNwEEMLiWStqx2QvnF0yVgfn9uzMS6tVC5jSOgLpz1Ui6p:zhswZy0wiGL5S/ILK9G6tuaL3UkCLuNE

Entry address:

0x31FD

Entry point:

0F, B6, FA, B9, 38, 1D, 82, 94, B2, D9, 74, 06, 84, D0, 24, CB, FF, C6, F7, C2, 47, 5F, BD, F3, FF, C8, C7, C5, 81, B2, B7, 28, C7, C5, 1D, 8E, 44, 45, 3B, D1, 1B, C9, 43, B5, 30, B6, 70, 1C, 0F, 4D, E8, 1B, 00, 00, 00, 84, DA, F3, FF, C5, 76, 03, 0F, B7, DB, 8A, DE, 8B, FD, F2, F2, 0F, BF, F6, 0F, BF, DA, 2B, C7, 29, DA, 4A, BD, 00, 00, 00, 00, 41, 2A, C6, B4, AF, 1B, C7, 0F, B7, C9, 29, C2, F6, C6, EA, C7, C2, 03, EF, 75, ED, 84, DA, 81, C5, DE, F2, FF, FF, F3, 81, C5, 23, 0D, 00, 00, 28, EB, 0B, DA, F7... 
[+]

Entropy:

7.9964 (probably packed)

Code size:

23.5 KB (24,064 bytes)

Windows Firewall Allowed Program

Name:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\intclient\d107929ab8c6a91646a03fa4a8197b0b.exe

Scan d107929ab8c6a91646a03fa4a8197b0b.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.