qbserv_20160608.exe

QQ浏览器

Tencent Technology(Shenzhen) Company Limited

Publisher:
Tencent Inc.  (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
QQ浏览器

Description:
TsService

Version:
2.0.1353.400

MD5:
630ed6a885d18acd5c5cc350c8a55dbf

SHA-1:
e0dc56ce4646f1374017306a31afbeb3368715fd

SHA-256:
5ebcb441e654689e8d6d3ac26da17cc0320976ab326e00fe1454624b2ca0a0c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 2:49:46 AM UTC

File size:
1.1 MB (1,167,056 bytes)

Product version:
2,0,1353,400

Copyright:
Copyright © 2014 Tencent. All Rights Reserved.

Original file name:
TsService.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\qbserv_20160608.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
2/4/2016 8:00:00 AM

Valid to:
3/29/2019 7:59:59 AM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=研发管理部, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
52048B9C8A67E28F0CC8CC75813DDC5A

File PE Metadata

Compilation timestamp:
6/14/2016 11:36:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:nEGSDWEMHLJkET8znuJ5d3P8DKcnfzgwhiTJS+5iLSz:n3SDWEMrJkET82rlIrgwhiT8NSz

Entry address:
0x95BC2

Entry point:
E8, 43, E2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 14, 8B, 4D, 08, 56, 85, D2, 75, 0D, 85, C9, 75, 0D, 39, 4D, 0C, 75, 26, 33, C0, EB, 33, 85, C9, 74, 1E, 8B, 45, 0C, 85, C0, 74, 17, 85, D2, 75, 07, 33, C0, 66, 89, 01, EB, E6, 8B, 75, 10, 85, F6, 75, 19, 33, C0, 66, 89, 01, E8, 2D, 74, 00, 00, 6A, 16, 5E, 89, 30, E8, CB, 24, 00, 00, 8B, C6, 5E, 5D, C3, 53, 8B, D9, 57, 8B, F8, 83, FA, FF, 75, 16, 2B, DE, 0F, B7, 06, 66, 89, 04, 33, 8D, 76, 02, 66, 85, C0, 74, 25, 4F, 75, EE, EB, 20, 2B, F1, 0F, B7...
 

Entropy:
6.5254

Code size:
772.5 KB (791,040 bytes)

The file qbserv_20160608.exe has been observed being distributed from the following 4 URLs.

http://111.23.5.142/dldir1.qq.com/invc/tt/.../QBServ_20160608.exe

http://202.150.16.19:9203/1BB6CCDDE3BACF202AEAC41F70E73D080A75104B48390825333DD6E9E338F8DF52706434CA58552FD940D7510/dldir1.qq.com/invc/tt/.../QBServ_20160608.exe

http://111.7.128.41/cache/dldir1.qq.com/invc/tt/.../QBServ_20160608.exe

Scan qbserv_20160608.exe - Powered by Reason Core Security