» hao123-client.exe
Overview
Analysis
File Details
Downloads (1)

hao123-client.exe

Beijing baidu Netcom science and technology co.ltd

File name:

hao123-client.exe

Publisher:

Beijing baidu Netcom science and technology co.ltd (signed and verified)

MD5:

19661ea7617ca96892913f045ec5026b

SHA-1:

ba2f474db123ea09825762f3fff8803614ae88cc

SHA-256:

633d0b7a9dcf4a03a544a7578b3aac466bf758fd54e217a7e297306f24c04ce6

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 7:47:32 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

infected with Trojan.StartPage1.418

9.0.1.05190

File size:

488.4 KB (500,072 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\hao123-client.exe

Digital Signature

Signed by:

Beijing baidu Netcom science and technology co.ltd

Authority:

VeriSign, Inc.

Valid from:

2/26/2012 7:00:00 PM

Valid to:

2/26/2015 6:59:59 PM

Subject:

CN=Beijing baidu Netcom science and technology co.ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing baidu Netcom science and technology co.ltd, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

56659719569BE07B775A1B2275E2D83A

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

12288:5zZobyFlhxd0L5UyJuREuV1nvfYY77h1Gh7lqKO:5zZobAX0OkujvwYXhIh7lqKO

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

The file hao123-client.exe has been seen being distributed by the following URL.

http://www.menaon.com/.../hao123armenona_ar.exe

Scan hao123-client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.