home

edius下载@25_67035.exe

downloader

Hefei Lewei Information Technology Co.,Ltd.

The executable edius下载@25_67035.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts.
Publisher:
Hefei Lewei Information Technology Co.,Ltd.  (signed and verified)

Product:
downloader

Version:
1.0.2.1

MD5:
dcf2047f5e3d843fd77b55b291d231b4

SHA-1:
efe9da8ab79404a3ff4fc7b7952ca4f9cbc003aa

SHA-256:
1c4533821e2698d662b1554ce317152937dd4bad8fa817b50f6d8717e0872c92

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/9/2024 10:56:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.7.1.17

File size:
772.5 KB (791,024 bytes)

Product version:
1.0.2.1

Original file name:
downloader

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Hefei Lewei Information Technology Co.,Ltd.

Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
5/23/2016 12:57:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:CSg0l74UiOklyF1AEqi7XBRBq8BZhrnkNUNTidX3:q0lEuDP7XBRBLtrnkNUpidX3

Entry address:
0x256CB

Entry point:
E8, 59, B3, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 95, B4, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 
[+]

Entropy:
6.3198

Code size:
246.5 KB (252,416 bytes)

The file edius下载@25_67035.exe has been seen being distributed by the following 50 URLs.

http://xiazai.zol.com.cn/down.php?softid=430989&subcateid=279&site=10&checkStr=834152761d509fc73&pos=dxgs1&rand=5b0d98

http://xiazai.zol.com.cn/down.php?softid=430967&subcateid=726&site=10&checkStr=e6a1d0e06cd608eea&pos=dxgs2&rand=3faf64

http://url.tduou.com/.../????????mega??@271_86232.exe

http://driver.zol.com.cn/.../116660_117_9.shtml

http://url2000.downkr.com/.../Adobe photoshop CS6 v13.0 ??????? - ???????????@195_40990.exe

http://url.tudown.com/.../ProDAD DeFishr(????????????) v1.0.65.1 ?????@135_46070.exe

http://url.tduou.com/.../????@260_38458.exe

http://driver.zol.com.cn/.../432458_6_9.shtml

http://xiazai.zol.com.cn/down.php?softid=437460&subcateid=325&site=10&checkStr=d03a409bdb090332c&pos=dxgs1&rand=798d40

http://url.tduou.com/.../RPG Maker VX(RPG????) V1.03?RPG???????????? @213_4001.exe

http://xiazai.zol.com.cn/down.php?softid=415443&subcateid=102&site=10&checkStr=816d3ce5457de0f65&pos=dxgs1&rand=c6b16c

http://url.tduou.com/.../????Primo@68_30538.exe

http://xiazai.zol.com.cn/down.php?softid=433537&subcateid=325&site=10&checkStr=3c17bea37e54efda9&pos=dxgs1&rand=c5f7f3

http://url.tduou.com/.../Honey@212_150848.exe

http://url.tduou.com/.../bb4050@220_460173.exe

http://xiazai.zol.com.cn/down.php?softid=135373&subcateid=327&site=10&checkStr=bc29f4c14ea51514c&pos=dxgs1&rand=371947

http://url.tduou.com/.../??@260_98952.exe

http://url.tduou.com/down/.../64?)@240_77371.exe

http://url.tduou.com/.../????????????? 2.1.2 ???@240_141388.exe

http://url.tduou.com/.../????PC???@225_289093.exe

http://url.tduou.com/.../????go@198_125585.exe

http://url.tudown.com/down/.../8.1??????????? Build 2014.0616@173_2820.exe

http://url.tduou.com/.../????@260_137849.exe

http://xiazai.zol.com.cn/down.php?softid=89381&subcateid=75&site=10&checkStr=c3ac99bf32578eaaf&pos=dxgs1&rand=7644ed

http://count.ddooo.com/redirect.asp?sid=11405&rm=2&downurl=http://.../CorelDRAWX6_11405.rar

http://url.tduou.com/.../????????????@224_120929.exe

http://url.tduou.com/.../Minecraft(?????????) v1.8.9 PC?????@317_25108.exe

http://url.tduou.com/.../«NBA 2K16»??????????@51_118171.exe

http://url.tudown.com/.../??360?????3.0.1.2@83_1204.exe

http://url.tduou.com/.../?????????@264_4791.exe

Latest 30 of 106 download URLs

Remove edius下载@25_67035.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.