piluo_setup.exe

Publisher:
Xiamen RenYou Network Technology Co.,Ltd.

MD5:
28a2d3d645a2c392bdccd94e330bbb97

SHA-1:
24a00939ef34e994643c0f0a8e4448842ffe2c57

SHA-256:
005bde7c3701bfd9eee8f58b521902e1d0d9347713ce1a60a42985ed4ae56892

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/18/2024 4:13:18 AM UTC  (today)

Scan engine:
IKARUS anti.virus

Detection:
Trojan.Win32.Spy

Engine version:
t3scan.1.8.6.0

File size:
8.8 MB (9,180,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\uqdtmp\piluo_setup.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
10/25/2013 12:52:42 PM

Valid to:
11/26/2014 11:19:42 PM

Subject:
E=admin@uqidong.com, CN="Xiamen RenYou Network Technology Co.,Ltd.", O="Xiamen RenYou Network Technology Co.,Ltd.", L=Xiamen, S=Fujian, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0845A372AD7AC4

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:+fb7ThSDm6CiafVp+w0QoWxPJQoWce6QoWB1:+fXThSDm6Cikf+wHxPmced7

Entry address:
0x7F388

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 08, F1, 47, 00, E8, E1, 6D, F8, FF, 33, D2, 55, 68, 39, F4, 47, 00, 64, FF, 32, 64, 89, 22, 68, 4C, F4, 47, 00, 6A, 00, 6A, 00, E8, E5, 6F, F8, FF, E8, B8, 70, F8, FF, 3D, B7, 00, 00, 00, 75, 0C, A1, 8C, 1C, 48, 00, 8B, 00, E8, 65, A6, FD, FF, A1, 8C, 1C, 48, 00, 8B, 00, E8, D5, A4, FD, FF, 8B, 0D, 9C, 1A, 48, 00, A1, 8C, 1C, 48, 00, 8B, 00, 8B, 15, E0, BC, 47, 00, E8, D5, A4, FD, FF, 8B, 0D, F4, 19, 48, 00, A1, 8C, 1C, 48, 00, 8B, 00, 8B, 15, 14, AC, 47, 00, E8, BD...
 

Entropy:
6.7512

Developed / compiled with:
Microsoft Visual C++

Code size:
505.5 KB (517,632 bytes)

Scan piluo_setup.exe - Powered by Reason Core Security