» parseurl.exe
Overview
Analysis
File Details
Network (4)

parseurl.exe

Moyea Software Co., Ltd.

File name:

parseurl.exe

Publisher:

Moyea Software Co., Ltd. (signed and verified)

Version:

1.0.0.0

MD5:

edc743608dbc7911c99a3f9bb5fa7956

SHA-1:

b43f8b066ec6503a2b3172cd1834d85ee3de1351

SHA-256:

2565e4e71158aeb6fc12421ed9a6cc38f32673960c40831903f0189e0f703207

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/25/2024 3:12:27 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/AdSubscribe.60

7.9.1.150

Dr.Web

Trojan.AdSubscribe.60

9.0.1.0163

File size:

609.8 KB (624,384 bytes)

Product version:

0.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (Australia)

Common path:

C:\Program Files\moyea\youtube flv downloader\parseurl.exe

Digital Signature

Signed by:

Moyea Software Co., Ltd.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

1/14/2009 3:00:00 AM

Valid to:

1/15/2010 2:59:59 AM

Subject:

CN="Moyea Software Co., Ltd.", OU=Secure Application Development, O="Moyea Software Co., Ltd.", L=Kunshan, S=Jiangsu, C=CN

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

2C99F4823A1D176E24CFE34228EE54A4

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:2ozYVumdSn9j2ndSW9St4IFyKIhdkQ/S+E1zwYm+sgQqc3gzeDrYlGvfZsBWldi:5m6IndnkqK/CK1zwYm+sYz7LB8di

Entry address:

0x70CEC

Entry point:

55, 8B, EC, 83, C4, F0, B8, BC, 0A, 47, 00, E8, 34, 54, F9, FF, A1, 94, 21, 47, 00, 8B, 00, E8, DC, 4B, FF, FF, 8B, 0D, 80, 21, 47, 00, A1, 94, 21, 47, 00, 8B, 00, 8B, 15, 80, F9, 46, 00, E8, E4, 4B, FF, FF, A1, 94, 21, 47, 00, 8B, 00, E8, 6C, 4C, FF, FF, E8, 4F, 32, F9, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1321

Developed / compiled with:

Microsoft Visual C++

Code size:

447.5 KB (458,240 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to https-178-79-242-2.fra.llnw.net (178.79.242.2:80)

TCP (HTTP):

Connects to vip060.ssl.hwcdn.net (205.185.208.60:80)

TCP (HTTP):

Connects to vip142.ssl.hwcdn.net (205.185.208.142:80)

TCP (HTTP):

Connects to vip085.ssl.hwcdn.net (205.185.208.85:80)

Scan parseurl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.