D4S.EXE

D4S

CHEN PROGRAM STUDY

The application D4S.EXE has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application.

Publisher: CHEN PROGRAM STUDY
Product: D4S
Version: 1.00
MD5: 37d35831be38fb62c4d848f35a41335d
SHA-1: 5f2a10e6d2e5e6150fba34a5c2960ba069e94feb
SHA-256: 9853a9bad906603e87b3321191fa42a40d6509a4f1280db5c5c2f6ab9f6909e8
Scanner detections: 3 / 68
Status: Potentially unwanted
Analysis date: 5/28/2024 9:28:25 PM UTC

Scan engine | Detection | Engine version
F-Prot | W32/MalwareF.EBIU | v6.4.7.1.166
K7 AntiVirus | Riskware | 13.176.11737
Reason Heuristics | PUP.Generic.CHENPROGRAMSTUDY.Meta (M) | 15.6.19.11

File size: 709 KB (726,016 bytes)
Product version: 1.00
Trademarks: CPS
Original file name: D4S.EXE
File type: Executable application (Win32 EXE)
Language: Chinese (Taiwan)

File PE Metadata
Compilation timestamp: 1/18/2002 8:17:41 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 4.20
CTPH (ssdeep): 12288:nE0kf+rtOb1alWLzf3/H0ay9k/eCZPLWCPd6LSncryITAa1BcoKASaJC4/70G:E0k4y/Lr3Ma5NZP6CPd+SY9TAa4jAHTh
Entry address: 0xE5001

Entry point:
60, E9, 3D, 04, 00, 00, E9, 25, 05, 01, 01, EC, 01, BC, 31, 3A, 45, 01, 04, DE, 2C, 9E, D1, 40, 45, 01, 84, BE, FD, 4A, 45, 01, 01, 8A, 9E, FD, 4A, 45, 01, 10, 86, 67, 04, 01, 01, C8, 86, 34, 3A, 45, 01, 01, 01, 01, 01, 8E, 86, 05, 4B, 45, 01, 51, 00, 96, 01, 4C, 45, 01, 8A, 86, 01, 4B, 45, 01, 8C, F9, 8E, 9E, 12, 4B, 45, 01, 54, 51, 00, 96, FD, 4B, 45, 01, 8A, 86, FD, 40, 45, 01, 8E, 9E, 1F, 4B, 45, 01, 54, 58, 00, 96, FD, 4B, 45, 01, 8A, 86, 01, 41, 45, 01, 8E, 86, B6, 3A, 45, 01, 00, E1, 29, 17, 01, 01...
 

Entropy: 7.9948
Packer / compiler: ASProtect v1.1
Code size: 723 KB (740,352 bytes)

The file D4S.EXE has been seen being distributed by the following 11 URLs.

ftp://172.24.49.64/rayong/.../D4S.exe

http://teachers.wyes.tn.edu.tw/.../game_161.EXE

http://softkumir.ru/downloads.php

http://soft-mx-6.ru/PAOPAO.EXE

http://softkumir.ru/basement.php

http://212.232.76.53/PAOPAO.EXE
