home

qqintl2.1.exe

QQ International

Tencent Technology(Shenzhen) Company Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from www.lo4d.com and multiple other hosts.
Publisher:
Tencent  (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
QQ International

Version:
1.91.1310.0

MD5:
4ff2539524ed7fee44e1d6cad61f1d0e

SHA-1:
4acf5d5d11bb59e316f1f06c7a72ffa4484f0e3b

SHA-256:
ba753180d6d325082385a7c98e6790676947fa64e981f7cf3dde276432eb3501

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/1/2024 1:53:24 PM UTC  (today)

Scan engine
Detection
Engine version

NANO AntiVirus
Trojan.Win32.RunOnce.ctiywu
0.28.0.59048

File size:
48.2 MB (50,491,064 bytes)

Product version:
1.91.1310.0

Copyright:
Copyright (C) 2013 Tencent. All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\qqintl2.1.exe

Digital Signature
Signed by:
Tencent Technology(Shenzhen) Company Limited

Authority:
VeriSign, Inc.

Valid from:
1/17/2013 2:00:00 AM

Valid to:
2/17/2016 1:59:59 AM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7170BD93CF3F189AE6452B514C49340E

File PE Metadata
Compilation timestamp:
12/4/2013 7:04:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
786432:FdLNbLrwC2qoo8BQvJzM0B4kw5T/qw7yeZaUicJqC+eyKzZMN31mjvXGrWL:FhdwMWavJzM0stHyu6UqXKQmjv2rG

Entry address:
0xA8DF6

Entry point:
E8, 23, CA, 00, 00, E9, 17, FE, FF, FF, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, D4, 94, 51, 00, 33, C5, 89, 85, A4, 02, 00, 00, F6, 05, DC, 94, 51, 00, 01, 56, 74, 08, 6A, 0A, E8, 6F, 6B, 00, 00, 59, E8, CD, CA, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CF, CA, 00, 00, 59, F6, 05, DC, 94, 51, 00, 02, 0F, 84, A0, 00, 00, 00, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C...
 
[+]

Entropy:
7.9953  (probably packed)

Code size:
912 KB (933,888 bytes)

The file qqintl2.1.exe has been seen being distributed by the following 21 URLs.

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://interia.hit.gemius.pl/hitredir/id=0stLay_GdLtDbdkbymp0ldU7jwzB44_kkcXH2eUJVFv.07/url=http://dldir1.qq.com/qqfile/QQIntl/.../QQIntl2.1.exe

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.lo4d.com/get-file/qq-international/.../

http://www.logitheque.com/.../f968d330.dl

http://www.lo4d.com/get-file/qq-international/.../

http://proxy.imqq.com/QQIntl2.1.exe

http://www.imqq.com/.../?from=hongkong

http://dldir1.qq.com/qqfile/QQIntl/.../QQIntl2.1.exe

http://www.imqq.com/.../?from=mainland

Scan qqintl2.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.