home

paiot.exe

360Play

VNG Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘CuHanhPlay’.
Publisher:
VNG Corporation  (signed and verified)

Product:
360Play

Description:
360Play Notification

Version:
1.0.0.3

MD5:
4ecad63758b0dfff76f98cb12a3d16ea

SHA-1:
4c4885d23b86559694a5fac8411ab2d9f31c9183

SHA-256:
169389779912be2576b0c2c04b0c7584f8dbfd902e615760b3f632881a53920a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 2:01:55 PM UTC  (today)

File size:
2.2 MB (2,344,488 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2015 by VNG Corporation.

Original file name:
CuHanhPlayTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\360play\paiot.exe

Digital Signature
Signed by:
VNG Corporation

Authority:
VeriSign, Inc.

Valid from:
8/4/2015 7:00:00 AM

Valid to:
9/28/2017 6:59:59 AM

Subject:
CN=VNG Corporation, O=VNG Corporation, L=Ho Chi Minh, S=Vietnam, C=VN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
69E915413BDF99A03D3AB8D92C3A2C52

File PE Metadata
Compilation timestamp:
3/17/2016 3:22:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x390F63

Entry point:
E8, 00, 42, F5, FF, 5F, 9C, 8B, 5C, 24, 04, 66, 87, EF, 60, 8B, 7C, 24, 28, 9C, 5E, 8B, 74, 24, 2C, 66, 0F, BE, E8, 8D, 2C, F5, 71, 2F, A6, DD, 8B, 6C, 24, 30, C6, 04, 24, 9F, FF, 74, 24, 34, C2, 40, 00, 07, 5E, 3F, CD, 62, 29, 07, 58, AE, 6E, 73, 6C, 4E, 2E, 4C, A8, 8D, AD, CF, 2A, 88, 2E, 91, 14, 99, 1A, 96, C0, 48, 4A, D5, 94, 46, C5, CB, A6, 50, 5E, E9, 7A, 7B, B4, 29, 59, 9F, 6D, 47, 5A, 8D, 59, 35, 65, B5, B3, C2, 9D, 63, 3F, 02, 43, CC, C0, 86, 51, A5, 12, CE, F8, EA, 45, EF, 0A, 60, FE, C6, EA, 63...
 
[+]

Entropy:
7.7286  (probably packed)

Code size:
4.7 MB (4,959,232 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CuHanhPlay

Command:
C:\users\{user}\appdata\local\360play\paiot.exe


Scan paiot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.