hardware-id.exe

Shanghai Bo Yi Information Technology Co. Ltd.

The executable hardware-id.exe, “Safengine - Professional Software Protection Tool”, has been detected as malware by 11 anti-virus scanners.
Publisher:
Safengine  (signed by Shanghai Bo Yi Information Technology Co. Ltd.)

Product:
Safengine

Description:
Safengine - Professional Software Protection Tool

Version:
2.3.8.0

MD5:
daeeb2e96da08d73add91d058d83b0ce

SHA-1:
3168d77f99aff74ddaa04a2e7cadb508520c1b5a

SHA-256:
2de702b91a720ac77910b858fb14afd134f751473ca415ba46357401dccdcbed

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/5/2024 10:56:38 AM UTC

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Crypt.Xpack!c
2.1.4+

Avira AntiVirus
TR/Crypt.XPACK.Gen3
8.3.3.2

avast!
Win32:Malware-gen
2014.9-160414

ESET NOD32
Win32/Packed.NoobyProtect.M suspicious (variant)
10.13072

Fortinet FortiGate
PossibleThreat
4/14/2016

G Data
Win32.Trojan.Agent.NQ19QA
16.4.25

IKARUS anti.virus
Virus.Win32.Heur
t3scan.2.0.7.0

K7 AntiVirus
Trojan
13.213.18828

Qihoo 360 Security
Win32/Trojan.160
1.0.0.1120

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16412

Sophos
Generic PUA DB (PUA)
4.98

File size:
1.6 MB (1,668,504 bytes)

Product version:
2.3.8.0

Copyright:
2007 - 2014 Safengine

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\hardware-id.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/30/2015 7:00:00 AM

Valid to:
4/29/2018 6:59:59 AM

Subject:
CN=Shanghai Bo Yi Information Technology Co. Ltd., O=Shanghai Bo Yi Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C189CE4860D33BA864357F925B5D8F8

File PE Metadata
Compilation timestamp:
1/21/2016 9:02:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:P689xrtebhKp8o+m4YcpSeMkV7KXrpMgDx4b9:P6eziKeo+isSLZrpMgDx4b9

Entry address:
0x1951F6

Entry point:
EB, 08, 00, 38, 19, 00, 00, 00, 00, 00, E9, F5, F2, FF, FF, EC, FF, C6, 66, 87, 6C, 24, 02, 0F, BD, DE, 66, 5A, 66, 42, 66, 8F, 04, 24, F7, D5, E9, 9C, FE, FF, FF, 8D, 64, 24, 09, 66, C1, D3, 06, 8D, 14, 14, 66, 8F, 44, 24, 05, EB, 14, 71, 70, 73, 6A, 8D, 2C, 0C, 66, 8B, E9, 8B, EB, B3, EC, 8F, 04, 24, F5, EB, DA, 66, 87, 5C, 24, 06, 66, 8F, 04, 24, 86, F2, 66, BD, 18, 3A, 66, BA, EE, 56, E9, 64, 02, 00, 00, 85, 34, 27, FF, 74, 24, 04, 8F, 04, 24, 5B, 8D, 2C, 85, 00, 00, 00, 00, BB, F2, A3, 70, 81, 87, 2C...
 

Entropy:
7.4828
