PaopaoWeather.exe

天气查询 (Weather Query)

Chongqing Bannisha Network Information Technology Co., Ltd

It is set to run automatically when any user logs in to Windows (through the all-users Run registry setting) under the name ‘PaopaoWeather’.

Publisher:
重庆半泥沙网络信息技术有限公司  (signed by Chongqing Bannisha Network Information Technology Co., Ltd)

Product:
天气查询 (Weather Query)

Description:
PaoPaoWeather 天气查询 (PaoPaoWeather Weather Query)

Version:
1.00.0107

MD5:
bece6c7c07c71344a67e8a8d55e4aeca

SHA-1:
9228d23315509162372dae3f1dceba3b09eadf0f

SHA-256:
17d1ed141fe18f668fffe3b39ecd61916bc4638dab33235d3ab7dd34267407ef

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/9/2024 3:21:39 AM UTC

Scan engine:
Avira AntiVirus

Detection:
W32/Sality.AG

Engine version:
7.11.30.172

File size:
612 KB (626,680 bytes)

Product version:
1.00.0107

Original file name:
PaopaoWeather.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\paopaoweather\paopaoweather.exe

Digital Signature

Authority:
WoSign eCommerce Services Limited

Valid from:
11/29/2012 12:13:06 PM

Valid to:
11/30/2013 10:21:18 PM

Subject:
E=cq198@sina.com, CN="Chongqing Bannisha Network Information Technology Co., Ltd", O="Chongqing Bannisha Network Information Technology Co., Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
229317ED9488F8

File PE Metadata

Compilation timestamp:
12/12/2012 1:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:JXCHLZGLZ1ENlsIKALI7TE6/jkwGKLZD2/C2cZ:JXm+1ENmIKnTE6kwGap

Entry address:
0x34DC

Entry point:
68, 00, 37, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, DF, 87, 1B, E9, 35, 23, 11, 40, 90, D2, 77, 47, A2, 3A, D5, ED, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 61, 6F, 50, 61, 6F, 57, 65, 61, 74, 68, 65, 72, 00, 32, 2E, 00, 23, 30, 23, 43, 3A, 5C, 57, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, 50, C1, 51, CF, D7, E1, BB, 40, 91, 1C, 26, B2, A1, FE, A7, 1B, 01, 00, 00, 00, 98, 00, 00, 00...
 

Entropy:
6.5195

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
456 KB (466,944 bytes)

Startup File (All Users Run)

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PaopaoWeather

Command:
C:\Program Files\paopaoweather\paopaoweather.exe

