home

qq空间宝_4.1.767.exe

liuliangbao

Hangzhou Yunbao Network&Technology Co.,Ltd

The application qq空间宝_4.1.767.exe by Hangzhou Yunbao Network&Technology Co.,Ltd has been detected as a potentially unwanted program by 12 anti-malware scanners.
Publisher:
www.liuliangbao.cn  (signed by Hangzhou Yunbao Network&Technology Co.,Ltd)

Product:
liuliangbao

Description:
刷QQ流量

Version:
4.1

MD5:

SHA-1:
9154caf96140aa2824d9cc8b3fd8a896a032bec3

SHA-256:
b964c54a89f42b398c0b319d42c7681b2048e81f258b536c18fb3b92368384ba

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 7:31:21 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Gen
2014.12.20

Avira AntiVirus
TR/Kazy.1159168
7.11.196.234

Bitdefender
Gen:Variant.Strictor.70489
1.0.20.1240

Emsisoft Anti-Malware
Gen:Variant.Strictor.70489
8.16.09.04.10

ESET NOD32
Win32/Liuliangbao (variant)
10.10907

Fortinet FortiGate
Riskware/Liuliangbao
9/4/2016

F-Secure
Gen:Variant.Strictor.70489
11.2016-04-09_1

G Data
Gen:Variant.Strictor.70489
16.9.24

MicroWorld eScan
Gen:Variant.Strictor.70489
17.0.0.744

NANO AntiVirus
Trojan.Win32.Buterat.djgpom
0.28.6.64267

Trend Micro House Call
Suspicious_GEN.F47V1107
7.2.248

File size:
1.1 MB (1,166,848 bytes)

Product version:
4.1

Copyright:
版权所有 (C) 2012

Original file name:
liuliangbao

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\qq空间宝_4.1.767.exe

Digital Signature
Signed by:
Hangzhou Yunbao Network&Technology Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/26/2014 8:00:00 AM

Valid to:
8/26/2015 7:59:59 AM

Subject:
CN="Hangzhou Yunbao Network&Technology Co.,Ltd", OU=IT Dept., O="Hangzhou Yunbao Network&Technology Co.,Ltd", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7D7B3CBF4105DAE7A25AA30FF7C8CD21

File PE Metadata
Compilation timestamp:
9/17/2014 11:14:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:75QcmxkiT983zftoK8IK6qTduRsPPZLJTvdP7k3MD:75Qc1aBIBqTdu2PPZLJTvdP7OMD

Entry address:
0x9707E

Entry point:
E8, 63, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 8B, 4D, 08, 53, 33, D2, 56, 57, 89, 55, FC, 3B, CA, 0F, 84, 84, 00, 00, 00, 8B, 7D, 0C, 3B, FA, 75, 07, 39, 55, 10, 75, 78, EB, 05, 39, 55, 10, 74, 71, 39, 55, 14, 75, 07, 39, 55, 18, 75, 67, EB, 05, 39, 55, 18, 74, 60, 39, 55, 1C, 75, 07, 39, 55, 20, 75, 56, EB, 05, 39, 55, 20, 74, 4F, 39, 55, 24, 75, 45, 39, 55, 28, 75, 45, 33, C0, 40, 8B, F1, 66, 39, 16, 74, 08, 48, 83, C6, 02, 3B, C2, 77, F3, 66, 83, 3E, 3A, 75, 39, 3B, FA, 74, 1A, 83, 7D...
 
[+]

Entropy:
6.5120

Code size:
819.5 KB (839,168 bytes)

Access Provider
Name:
MartaExtension


Remove qq空间宝_4.1.767.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.