hao123saudi.exe

hao123 Desktop Shortcut

The application hao123saudi.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup program used to install the application. The file has been seen downloaded from sa.hao123.com.
Product:
hao123 Desktop Shortcut

Version:
1.0.0.1108

MD5:
ff4ab96de28e624efc49d61bf166e4ba

SHA-1:
ff68f9524c65f7b65bc731b3c649bbf36fdc4bd8

SHA-256:
e65102379472faa5011aad6412c2b3d740cb11e024b4827e99324d4f43a09c55

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:04:59 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160711-1 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Reason Heuristics | PUP.Hao123.Installer.Meta (M) | 16.7.27.18 |

File size:
663.8 KB (679,768 bytes)

Product version:
1.0.0.1108

Copyright:
(C) 2011 Baidu.com。All Rights Reserved.

Original file name:
Hao123DeskSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hao123saudi.exe

File PE Metadata
Compilation timestamp:
4/10/2010 3:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:lm/pniVtT8XTV/Jvt7VcqQxz7zgo/1PzMxD5SGv4ySfskqPQasZ62ESxZ:lmBnIUTV/JvtAxUq1bMxD8GvbkqPQJ6G

Entry address:
0x354B

Entry point:
4A, 18, F8, 35, EB, 9F, 89, 4E, FF, CB, 0D, 82, 58, 97, 2F, 80, FA, 76, 0F, AF, FA, 69, D1, 07, B7, 8B, B9, 0F, AF, D7, 69, FA, 9E, 46, 5A, 67, BE, 3D, 9F, D6, 1A, 3D, 8B, E7, 00, 00, F6, C1, 37, 40, 0F, BE, CF, 2B, F6, 85, FB, 89, D9, 35, BB, 83, 20, 7D, 88, D8, 0F, BE, FC, 15, 7A, CD, 4F, 0F, 76, 04, F3, C6, C0, 94, 6A, 00, 59, F7, C7, 09, 7A, 81, DF, 81, E7, 93, 1C, 10, 69, C6, C3, 38, 81, F1, 82, 0D, 00, 00, 05, 18, AC, AD, 38, F3, 81, F1, 64, 06, 00, 00, 4A, 80, C6, 16, 8D, 1D, 93, 9D, 73, 35, 0F, C1...
 

Entropy:
7.9376  (probably packed)

Code size:
25 KB (25,600 bytes)

The file hao123saudi.exe has been seen being distributed by the following URL.
