» nvp6_2315.exe
Overview
Analysis
File Details

nvp6_2315.exe

快看影视

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

File name:

nvp6_2315.exe

Publisher:

kuaikan studio (signed by FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd)

Product:

快看影视

Description:

快看影视主程序

Version:

1.0.43.0410

MD5:

7ab3543b47e7a8d0c484da623ec64f31

SHA-1:

a559718399f241e5e0b640541d6f8a0046d3917f

SHA-256:

10e043b394de57f6692313b912ad7356996976cd0955c9e0ba812b5ba1049df5

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/8/2024 6:07:49 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.MultiPlug.miB8

2.1.4+

Dr.Web

probably DLOADER.Trojan

9.0.1.05190

File size:

2.2 MB (2,303,704 bytes)

Product version:

1.0.43.0410

Original file name:

KKShowedFilms.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\nvp6_2315.exe

Digital Signature

Signed by:

FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd

Authority:

WoSign CA Limited

Valid from:

10/27/2015 2:51:09 PM

Valid to:

10/27/2016 2:51:09 PM

Subject:

CN="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", O="FENGSHANG YUNQI Culture Media (Beijing) Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:

5BA22DD56638592FA5283CAFD23A41D9

File PE Metadata

Compilation timestamp:

4/11/2016 3:16:34 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:o75N9BMGMGbCP1SC58+JAfO6bRCqUsh8eIY8E6g:o75NPQt8+JlKRCqUsh5

Entry address:

0x7433E

Entry point:

E8, DC, 91, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, A0, 42, 4A, 00, 75, 02, F3, C3, E9, 4B, 93, 00, 00, 58, 59, 87, 04, 24, FF, E0, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 7A, 56, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 64, 56, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, A0, 42, 4A, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03... 
[+]

Entropy:

7.7483 (probably packed)

Code size:

535.5 KB (548,352 bytes)

Scan nvp6_2315.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.