» iweather.exe
Overview
Analysis
File Details
Behaviors (1)

iweather.exe

Shanghai Digital Century Network Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Ð¡ÐÜÌìÆø’.

File name:

iweather.exe

Publisher:

小熊天气 (signed by Shanghai Digital Century Network Co.,Ltd.)

Product:

小熊天气

Version:

1.0.0.0

MD5:

9cce1a17c18fc503dde91db2905e7a8e

SHA-1:

7dd917a99bc7b70c61e580d75efda4410cc11e1e

Scanner detections:

4 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 9:39:08 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Packed/PECompact

7.1.1

Avira AntiVirus

TR/Downloader.Gen

7.11.163.226

IKARUS anti.virus

Trojan-Downloader

t3scan.1.6.1.0

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

1.1 MB (1,197,560 bytes)

Product version:

1.0.0.0

小熊天气

File type:

Executable application (Win32 EXE)

Language:

Chinese (PRC)

Digital Signature

Signed by:

Shanghai Digital Century Network Co.,Ltd.

Authority:

VeriSign, Inc.

Valid from:

6/14/2013 8:00:00 AM

Valid to:

6/15/2014 7:59:59 AM

Subject:

CN="Shanghai Digital Century Network Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai Digital Century Network Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7A9614A6E69B814BF05CB1C6A3F266EE

File PE Metadata

Compilation timestamp:

2/22/2014 5:48:19 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:nnz4AJj2JvRcfXGAavif7YCMw8M7DhEzDR+52JvGzm1x:nnE40DrifHFSRzMQx

Entry address:

0x8D370

Entry point:

B8, 8C, EF, 68, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 61, B4, 82, 71, E4, 37, 1C, 08, 6C, CE, 60, 95, 36, A5, FA, A1, D0, F6, B5, 0D, 97, 31, 45, 4D, 24, A0, 14, C3, 1C, 25, FB, E1, B4, E1, 88, 0D, DF, FE, 26, 06, A1, 41, CF, AF, 1D, 3B, 94, 41, 29, F8, A7, A1, EF, 43, 0B, 09, 0F, BC, 96, 97, 3C, B0, BC, 48, 37, 7F, ED, 50, 35, AD, 09, DA, 32, B5, C7, 00, 3E, FB, 48, F8, 47, A6, 10, 3F, 53, AF, 5E, 5A, 15, 9F, 49, 14, 50... 
[+]

Entropy:

7.9633

Packer / compiler:

PECompact v2

Code size:

739.5 KB (757,248 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Ð¡ÐÜÌìÆø

Command:

C:\iweather\iweather.exe

Scan iweather.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.