» jisuxthuajin_setup.exe
Overview
Analysis
File Details

jisuxthuajin_setup.exe

系统之家一键重装

Wang Xin'gang

The executable jisuxthuajin_setup.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

File name:

Publisher:

jisuxt.com, Inc. (signed by Wang Xin'gang)

Product:

系统之家一键重装

Version:

3.5.15.278

MD5:

938a2bbc1baf563dd60e28ae8e762ff8

SHA-1:

288aeb22dfe51c57cc095419b17364bec55ceaaa

SHA-256:

ee40b0c9840ebd9c6cfaa4bcb6cd7c11a6b06fd17990761ffb84a612a2504507

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

5/18/2024 5:45:21 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.7.23.14

File size:

6.3 MB (6,598,440 bytes)

Product version:

3.5.15.278

jisuxt.com, Inc.(http://www.jisuxt.com/)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\tools\jisuxthuajin_setup.exe

Digital Signature

Signed by:

Wang Xin'gang

Authority:

WoSign CA Limited

Valid from:

4/16/2015 3:21:52 AM

Valid to:

4/16/2016 4:21:52 AM

Subject:

CN=Wang Xin'gang, L=Baicheng, S=Jilin, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

2108C800D6BA37F4A70D21559AF73CF5

File PE Metadata

Compilation timestamp:

12/17/2013 1:45:56 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

98304:rzhwno6mje+5q+gW2k+Z7YeFEJGG5UyHaPOVfn4rlQKELW0pmtauhNo8:rCo6MqNW2kZefG5kOY2HLvpTuh

Entry address:

0x36DF

Entry point:

81, EC, 88, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 10, 9B, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 88, 90, 40, 00, 89, 44, 24, 20, FF, 15, 34, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, AC, 90, 40, 00, 53, FF, 15, 00, 93, 40, 00, 6A, 08, A3, 38, A9, 44, 00, E8, 0B, 29, 00, 00, 53, 68, 60, 01, 00, 00, A3, 48, A8, 44, 00, 8D, 44, 24, 40, 50, 53, 68, 0F, 9B, 40, 00, FF, 15, 88, 91, 40, 00, 68, 04, 9B, 40, 00, 68, 40, 68, 44, 00, E8, 36, 26, 00, 00, FF, 15, A8, 90, 40, 00... 
[+]

Entropy:

7.9903

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Remove jisuxthuajin_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.