» dxgame2.0.0.4.exe
Overview
Analysis
File Details
Behaviors (1)

dxgame2.0.0.4.exe

斗蟹游戏盒子

Wuhan Ohyo Technology Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘douxiegame’.

File name:

dxgame2.0.0.4.exe

Publisher:

武汉哦哟科技有限公司 (signed by Wuhan Ohyo Technology Co., Ltd)

Product:

斗蟹游戏盒子

Version:

2, 0, 0, 4

MD5:

348c67b80ee2f8ef9ce23326f38a7884

SHA-1:

2206530ef0bb65f25ea81e1e6eddba708045703c

SHA-256:

95cb03a48c9faa36d2dfe531177f7a314689f47f19bae1ec1386416b1d63b03a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/19/2024 1:35:35 PM UTC (today)

File size:

1.2 MB (1,209,112 bytes)

Product version:

2, 0, 0, 4

Trademarks:

斗蟹

Original file name:

dxgame.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\douxie\dxgame2.0.0.4.exe

Digital Signature

Signed by:

Wuhan Ohyo Technology Co., Ltd

Authority:

VeriSign, Inc.

Valid from:

6/10/2014 8:00:00 AM

Valid to:

8/10/2015 7:59:59 AM

Subject:

CN="Wuhan Ohyo Technology Co., Ltd", OU=IT, O="Wuhan Ohyo Technology Co., Ltd", L=Wuhan, S=Hubei, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

427E88F60D528775A4DF61A05317419B

File PE Metadata

Compilation timestamp:

7/11/2014 5:30:21 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:xURFn5Zhza7TyDj8l32ZtTvWo0pRvklM3mbwyfp61:+Rl5TzG2sehvWo0wlMWbwyfp61

Entry address:

0xA8EA5

Entry point:

E8, 4D, 05, 01, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B... 
[+]

Entropy:

6.3855

Code size:

854.5 KB (875,008 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

douxiegame

Command:

"C:\Program Files\douxie\dxgame2.0.0.4.exe" -autorun

Scan dxgame2.0.0.4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.