packer.exe

Suining Qixi Advertising Media Co., Ltd.

The application packer.exe by Suining Qixi Advertising Media Co. has been detected as a potentially unwanted program by 2 anti-malware scanners.
Publisher:

MD5:
24737dc3b94b5086698acb17a7654ba0

SHA-1:
4b988075ba016cecf0ac6e621eef45f2af286f4d

SHA-256:
b67624b959cc55d5cd067fddae0515d73632f22fc9db74742bcca1d94f00d583

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:20:41 AM UTC

Scan engine        Detection                            Engine version
AVG                Suining                              2016.0.3215
Reason Heuristics  PUP.SuiningQixiAdvertisingMediaCo    15.1.29.1

File size:
177.2 KB (181,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\xigua\2.12.0.5\packer.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/21/2014 5:14:06 AM

Valid to:
4/23/2017 5:14:06 AM

Subject:
CN="Suining Qixi Advertising Media Co., Ltd.", E=xiguayingyin@gmail.com, O="Suining Qixi Advertising Media Co., Ltd.", L=Suining, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
6BA70B4380ECA6E171FB81A495EC5DEF

File PE Metadata
Compilation timestamp:
12/10/2014 6:56:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:u9UXrUVJg7UmoajiJuOWgsbB4VG805jcI14Qn4PXAAEee:u9UXrUXgoxmivpm8EjcIGfXAR

Entry address:
0x9CDD

Entry point:
E8, 9D, 6C, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 8B, 46, 0C, A8, 83, 75, 10, E8, 3F, 49, 00, 00, C7, 00, 16, 00, 00, 00, 83, C8, FF, EB, 67, 83, E0, EF, 83, 7D, 10, 01, 89, 46, 0C, 75, 0E, 56, E8, AA, 03, 00, 00, 01, 45, 0C, 83, 65, 10, 00, 59, 56, E8, 6C, 1C, 00, 00, 8B, 46, 0C, 59, 84, C0, 79, 08, 83, E0, FC, 89, 46, 0C, EB, 16, A8, 01, 74, 12, A8, 08, 74, 0E, A9, 00, 04, 00, 00, 75, 07, C7, 46, 18, 00, 02, 00, 00, FF, 75, 10, FF, 75, 0C, 56, E8, 0A, 6E, 00, 00, 59, 50, E8, 2F...
 
Entropy:
6.5186

Code size:
126 KB (129,024 bytes)
