home

nn_02982.exe

快看影视

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from download.soft798.com and multiple other hosts.
Publisher:
kuaikan studio  (signed by FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd)

Product:
快看影视

Description:
快看影视主程序

Version:
1.0.34.0228

MD5:
51f40864c95a5a5bb5f8ea3140b33220

SHA-1:
4bf8fa5ff648ab2c6da5a153b91ea9b6b2444c60

SHA-256:
b41ae29fd47ea9de208b3b0839512ac65db7ac8e27ebb7c34b54164ae36defeb

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/8/2024 10:08:54 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
probably STPAGE.Trojan
9.0.1.05190

File size:
1.6 MB (1,675,992 bytes)

Product version:
1.0.34.0228

Copyright:
Copyright (C) 2015 kuaikan studio

Original file name:
KKShowedFilms.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\nn_02982.exe

Digital Signature
Signed by:
FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

Authority:
WoSign CA Limited

Valid from:
10/27/2015 2:51:09 PM

Valid to:
10/27/2016 2:51:09 PM

Subject:
CN="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", O="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
5BA22DD56638592FA5283CAFD23A41D9

File PE Metadata
Compilation timestamp:
3/1/2016 12:07:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:ZGbPXLcCTjgAANGMBE3YDmvUvPOpZPysbP:cPXLcCTcxNGMBEam42pZbbP

Entry address:
0x1FA76

Entry point:
E8, B6, 7E, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 20, 40, 44, 00, 75, 02, F3, C3, E9, 46, 84, 00, 00, 58, 59, 87, 04, 24, FF, E0, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 0A, 51, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, F4, 50, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 20, 40, 44, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83...
 
[+]

Entropy:
7.8379  (probably packed)

Code size:
194 KB (198,656 bytes)

The file nn_02982.exe has been seen being distributed by the following 2 URLs.

http://download.soft798.com/.../xq_00002.exe

http://download.soft798.com/.../nn_02982.exe

Scan nn_02982.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.