» PersonUDisk.exe
Overview
Analysis
File Details

PersonUDisk.exe

Hangzhou Shunwang Information Technology Co., Ltd

The executable PersonUDisk.exe has been detected as malware by 13 anti-virus scanners.

File name:

PersonUDisk.exe

Publisher:

Sunward Information Technology Co.Ltd (signed by Hangzhou Shunwang Information Technology Co., Ltd)

Product:

PersonUDisk.exe

Version:

2010, 8, 2, 1

MD5:

5b6ed7ad06c53c23b7f6c731b210172d

SHA-1:

07156a7cf65a1b03fa94ae3d5561295eb04114be

Scanner detections:

13 / 68

Status:

Malware

Analysis date:

4/26/2024 3:54:27 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

533

Avira AntiVirus

TR/FwBypass.315472

8.3.1.6

avast!

Win32:Malware-gen

2014.9-150820

Bitdefender

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

1.0.20.1160

Emsisoft Anti-Malware

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

8.15.08.20.03

F-Secure

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

11.2015-20-08_5

G Data

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

15.8.25

IKARUS anti.virus

Gen.Trojan

t3scan.1.8.9.0

McAfee

Artemis!5B6ED7AD06C5

5600.6667

MicroWorld eScan

Gen:Trojan.FirewallBypass.tq1@aS!!JHjj

16.0.0.696

Trend Micro House Call

TROJ_GEN.R03EC0OEI15

7.2.232

Trend Micro

TROJ_GEN.R03EC0OEI15

10.465.20

VIPRE Antivirus

Trojan.Win32.Generic

40356

File size:

308.1 KB (315,472 bytes)

Product version:

6, 0, 0, 2

Sunward Information Technology Co.Ltd

Original file name:

PersonUDisk.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (PRC)

Common path:

C:\Program Files\gcafepro\personudisk\personudisk.exe

Digital Signature

Signed by:

Hangzhou Shunwang Information Technology Co., Ltd

Authority:

GlobalSign nv-sa

Valid from:

6/26/2009 12:34:08 PM

Valid to:

6/27/2011 12:34:04 PM

Subject:

CN="Hangzhou Shunwang Information Technology Co., Ltd", OU="Hangzhou Shunwang Information Technology Co., Ltd", O="Hangzhou Shunwang Information Technology Co., Ltd", C=CN

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001221B4097E0

File PE Metadata

Compilation timestamp:

8/2/2010 5:24:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

6144:JSnkfJMQah/KKOxCx7nh1/fV33x6Oaxg:Jgkfo/KKO2h1nyOax

Entry address:

0x26A0A

Entry point:

E8, AF, AF, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, B8, 81, 44, 00, E8, C8, 06, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 4C, 1B, 45, 00, 77, 22, 6A, 04, E8, 4A, 9E, 00, 00, 59, 83, 65, FC, 00, 56, E8, F2, B7, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D4, 06, 00, 00, C3, 6A, 04, E8, 45, 9D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, D8, D0, 43, 00, 83, 3D, 64, 1A, 45, 00, 00, 75, 18, E8, 60, 62, 00... 
[+]

Entropy:

6.4838

Code size:

236.5 KB (242,176 bytes)

Remove PersonUDisk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.