home

guodou201412230303.exe

果豆应用

Zhenjiang ChangYou Network Technology Co., Ltd.

Publisher:
镇江畅游网络科技有限公司  (signed by Zhenjiang ChangYou Network Technology Co., Ltd.)

Product:
果豆应用

Version:
1.0.12.14

MD5:
98bc809bbe7766edf019323ff9a23840

SHA-1:
a5f40cce9eb234e334fa3bf8ec027d6ea7f977ab

SHA-256:
ecb5d8e24ef49a77494e1fa5d93dd81823316acc1d37685cd57fe030cbdcd727

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 2:04:03 AM UTC  (today)

File size:
869.5 KB (890,400 bytes)

Product version:
1.0.12.14

Copyright:
镇江畅游网络科技版权所有 (C)2014

Original file name:
GuoDou.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\guodou\201412230303\guodou201412230303.exe

Digital Signature
Signed by:
Zhenjiang ChangYou Network Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/6/2014 4:00:00 PM

Valid to:
3/7/2015 3:59:59 PM

Subject:
CN="Zhenjiang ChangYou Network Technology Co., Ltd.", OU=技术部, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Zhenjiang ChangYou Network Technology Co., Ltd.", L=Zhenjiang, S=Jiangsu, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E647F3525E873BEEE27CE28AD420537

File PE Metadata
Compilation timestamp:
12/12/2014 1:54:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:MwZgc+2vLaLZggBKWSnAhI/p0QSEdtjusjL:MwZgcTB7juW

Entry address:
0x28F0

Entry point:
68, F0, 2B, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 2E, 72, 12, 7B, 03, 28, B1, 43, 84, C0, 47, 1D, 64, 91, 2D, 7E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 47, 75, 6F, 44, 6F, 75, 00, 00, 00, 00, 00, 00, 01, 00, 0F, 00, A8, 79, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, CC, 7C, 40, 00, E0, A4, 49, 00, 00, 00, 00, 00, C0, 66, 1D, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, 29, 40, 00...
 
[+]

Entropy:
5.7636

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
612 KB (626,688 bytes)

Scan guodou201412230303.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.