d2155050-sample

Qizhi Software (beijing) Co. Ltd

The file d2155050-sample has been detected as malware by 25 anti-virus scanners.
Publisher:
Qizhi Software (beijing) Co. Ltd  (signed and verified)

MD5:
2f7e29ea0a191e4567ed073b9d30fb28

SHA-1:
12990e64f1b2a197542ffae6a5b24b853cd648b3

SHA-256:
856ccddb000c08f988e03df904fde49908763dae6239469b979088935afadd90

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/25/2024 6:31:27 AM UTC

Scan engine                    Detection                                     Engine version
AhnLab V3 Security             Dropper/Malware.28672.AV                      5.0.
Avira AntiVirus                TR/Crypt.ZPACK.Gen                            7.9.1.154
Emsisoft A-Squared             Trojan-Downloader.Win32.Murlo!IK              4.5.0.50
avast!                         Win32:Small-MTB                               2014.9-141231
AVG                            SHeur2                                        2015.0.3244
Bitdefender                    Trojan.Generic.2741039                        1.0.20.1825
Comodo Security                TrojWare.Win32.TrojanDownloader.Perkesh.O0    3763
Dr.Web                         Trojan.MulDrop.19784                          9.0.1.0365
ESET NOD32                     Win32/TrojanDownloader.Perkesh                8.4821
Fortinet FortiGate             W32/Kyper.EU!tr                               12/31/2014
F-Prot                         W32/Rootkit-PX                                v6.4.5.1.85
F-Secure                       Trojan.Generic.2741039                        11.2014-31-12_4
G Data                         Trojan.Generic.2741039                        14.12.19
IKARUS anti.virus              Trojan-Downloader.Win32.Murlo                 t3scan.1.1.80.0
K7 AntiVirus                   Trojan.Win32.Malware.4                        13.7.10.960
Kaspersky                      Trojan.Win32.Kyper                            14.0.0.2713
McAfee                         Generic Downloader.x!brs                      5600.6900
Microsoft Security Essentials  TrojanDownloader:Win32/Perkesh.F              1.163.1557.0
Norman                         W32/Smalltroj.UMHF                            11.20141231
nProtect                       Trojan/W32.Kyper.28672.N                      2009.1.8.0
Quick Heal                     Trojan.Kyper.bdj                              12.14.10.00
Rising Antivirus               Trojan.Win32.KillAV.ciq                       23.00.65.141229
Sophos                         Troj/Drop-EI                                  4.50
Trend Micro                    TROJ_MURLO.SMOD                               10.465.31
Vba32 AntiVirus                Win32.Rootkit.Agent.NFF                       3.12.12.1

File size:
28 KB (28,672 bytes)

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/24/2006 3:30:00 AM

Valid to:
11/24/2008 3:29:59 AM

Subject:
CN=Qizhi Software (beijing) Co. Ltd, OU=Secure Application Development, O=Qizhi Software (beijing) Co. Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
613BF885496412207ECB70ACFAC6755B

File PE Metadata
Compilation timestamp:
11/3/2009 8:28:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:CznLOWQtVDw623yj20CqC0LzNcjkKDFN9rAZC+Zz9T0PpiOaCbzEWU2B3WBEknN+:Czd/8pLWFEZz9WpDbs2IBPn4Lgq

Entry address:
0xD2C0

Entry point:
60, BE, 00, 80, 40, 00, 8D, BE, 00, 90, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.7268

Packer / compiler:
UPX 2.90LZMA

Code size:
24 KB (24,576 bytes)

Powered by Reason Core Security