home

d107929ab8c6a91646a03fa4a8197b0b.exe

Shenzhen Enode Technology Co., Ltd.

This is a setup and installation application.
Publisher:
XCube  (signed by Shenzhen Enode Technology Co., Ltd.)

Product:
XCube

Description:
XCube's Install Program

Version:
1.6.0.878

MD5:
6dcd3cc224032bf3678411550f8d13aa

SHA-1:
f61adb667c7fe98fed9d69c39df30859f3f09052

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/26/2024 4:56:24 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
2014.9-160215

ESET NOD32
Detection.Undefined
10.7.0.302.0

Microsoft Security Essentials
Threat.Undefined
1.213.5577.0

VIPRE Antivirus
Threat.4721115
46960

File size:
3.2 MB (3,342,288 bytes)

Product version:
1.6.0.878

Copyright:
Copyright (C) 2001-2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\d107929ab8c6a91646a03fa4a8197b0b.exe

Digital Signature
Signed by:
Shenzhen Enode Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 2:00:00 AM

Valid to:
4/1/2016 1:59:59 AM

Subject:
CN="Shenzhen Enode Technology Co., Ltd.", OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Enode Technology Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
60F6AD6D09199C81989F5CD146FBBF4F

File PE Metadata
Compilation timestamp:
12/25/2013 7:01:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:gMf/Bmg6m3Epe7y5qwNwEEMLiWStqx2QvnF0yVgfn9uzMS6tVC5jSOgLWpzXi6cU:g+swZy0wiGL5S/ILK9G6tuaLW9kCLuNE

Entry address:
0x31FD

Entry point:
88, C3, 32, DC, 0F, AF, E9, B2, 9C, 0F, B6, CB, C7, C0, F2, 08, 45, 67, 42, 8D, 35, 9E, 0B, 88, 93, 42, F2, F3, FE, CD, 50, 85, FF, 71, 03, 80, F5, 30, E8, FE, 00, 00, 00, 8B, C8, 0F, BE, ED, F2, 81, CF, 72, 3B, 5D, 74, 81, F8, 83, FA, 1B, D3, 85, D5, 8B, EA, 8A, F9, 86, CF, 8D, 0D, EF, 81, 46, F4, 0F, AF, CE, 8D, 35, AA, 83, C3, 2E, F2, 0F, AF, F7, 49, 8D, 2E, 85, F5, 88, EF, 80, D1, 30, 10, CD, 6B, FF, 00, 4E, 8D, 7D, 00, 35, D3, D5, C1, B4, 40, 2B, D7, 8B, C7, 0F, AF, C8, 80, D7, 26, 2B, C0, 89, E9, 86...
 
[+]

Entropy:
7.9963  (probably packed)

Code size:
23.5 KB (24,064 bytes)

Windows Firewall Allowed Program
Name:
C:\DOCUME~1\Fannan6\LOCALS~1\Temp\intclient\d107929ab8c6a91646a03fa4a8197b0b.exe


Scan d107929ab8c6a91646a03fa4a8197b0b.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.