deletealpha.exe

Client

Nanjing Wangya Computer Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Implementwarmtrain’.
Publisher:
wangya (signed by Nanjing Wangya Computer Co.,Ltd.)

Product:
Client

Version:
10.00.0037

MD5:
a8813a539ec2899e3a0859221ffb27b2

SHA-1:
029e5caabdce8937259d023dea0cc239072af92e

SHA-256:
408be9fa81d04c927aa5a85ebdda8285250a7f44c7cd2f79a36cc8be3ac547ed

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 11:07:33 PM UTC

Scan engine    Detection                                    Engine version
F-Secure       Suspicious:W32/Malware.029e5caabd!Online     5.14.151
Sophos         Virus 'Mal/Behav-131'                        5.15

File size:
844.6 KB (864,880 bytes)

Product version:
10.00.0037

Copyright:
WangYa

Original file name:
set.dat

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\lfyilpu\deletealpha.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/26/2013 8:00:00 AM

Valid to:
2/25/2016 7:59:59 AM

Subject:
CN="Nanjing Wangya Computer Co.,Ltd.", OU=Development Department, O="Nanjing Wangya Computer Co.,Ltd.", L=NanJing, S=JiangSu, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1AC0074C3A632904593B34FF87DAF1F8

File PE Metadata
Compilation timestamp:
5/26/2015 4:55:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:v0FA/EPQB0zhRPfRwIERZJ+9Y/uMAULAd:b/EP20zhbhERZkj

Entry address:
0x906C

Entry point:
68, 18, E6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F4, 2C, B3, AC, 9E, 14, 30, 46, A5, DD, CD, 8D, 86, 7B, 28, C1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 63, 6F, 6C, 6F, 72, 77, 6F, 72, 6B, 77, 69, 6E, 63, 00, 74, 79, 20, 61, 6E, 64, 20, 00, 65, 74, 75, 72, 6E, 20, 74, C0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 07, 00, 00, 00, 81, 4F, 44, 58, 4F, 61, BE, 4C, 9D, 90, 19, F7, 37, AC, A1, 20, 01, 00, 00, 00, A0, 00, 00, 00...

Entropy:
5.9400

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
808 KB (827,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Implementwarmtrain

Command:
C:\Program Files\lfyilpu\deletealpha.exe autp


Scan deletealpha.exe - Powered by Reason Core Security