» pptv_tulong_130117.exe
Overview
Analysis
File Details

pptv_tulong_130117.exe

屠龙传说

Viduan Network Technology Co., LTD

File name:

Publisher:

微端网络 (signed by Viduan Network Technology Co., LTD)

Product:

屠龙传说

Version:

1, 0, 1, 3

MD5:

690648c401e84fed0bb8700dea24a4c5

SHA-1:

c0c99024a60b950233e1635d39c8a74c3f681177

SHA-256:

6142a5972d8b1dade7c9a1776cb610f8c2050b4dacb355628051f578fa4bf2f4

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/23/2024 7:25:54 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Sality

160215-2

F-Prot

W32/Virut.AI!Generic

4.6.5.141

File size:

133.1 KB (136,328 bytes)

Product version:

1, 0, 1, 3

Original file name:

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\ProgramData\pplive\ppap\pptv_tulong_130117.exe

Digital Signature

Signed by:

Viduan Network Technology Co., LTD

Authority:

WoSign eCommerce Services Limited

Valid from:

7/4/2012 7:43:25 AM

Valid to:

7/6/2013 11:59:39 AM

Subject:

E=admin@viduan.com, CN="Viduan Network Technology Co., LTD", O="Viduan Network Technology Co., LTD", L=Zhenjiang, S=Jiangsu, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

217DAE65B76259

File PE Metadata

Compilation timestamp:

11/2/2012 6:17:56 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:8jegBXpo5fQ63TFxaKhqRXOQH72YpWoAQJJ:PEpYooT2KhgOQHtAcJ

Entry address:

0x4C66

Entry point:

55, 8B, EC, 6A, FF, 68, F8, 6D, 40, 00, 68, EC, 4D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 20, 63, 40, 00, 59, 83, 0D, BC, BC, 40, 00, FF, 83, 0D, C0, BC, 40, 00, FF, FF, 15, F4, 62, 40, 00, 8B, 0D, B0, BC, 40, 00, 89, 08, FF, 15, F8, 62, 40, 00, 8B, 0D, AC, BC, 40, 00, 89, 08, A1, FC, 62, 40, 00, 8B, 00, A3, B8, BC, 40, 00, E8, 16, 01, 00, 00, 39, 1D, C0, 93, 40, 00, 75, 0C, 68, E8, 4D, 40, 00, FF, 15, 00, 63... 
[+]

Entropy:

7.5088

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

17 KB (17,408 bytes)

Scan pptv_tulong_130117.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.