report.exe

qiusheng xie

The application report.exe by qiusheng xie has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
qiusheng xie  (signed and verified)

MD5:
996cd0627d54890ce8bed880f41c2f19

SHA-1:
9f16e7c4824d695ba275c04f570eed561aa6ad5b

SHA-256:
78af51b38297d150192215ffdfefa5068829fae913b8b166f0ef8fa4c4c5272a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/6/2026 4:18:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Qiusheng.qiushengxie.Meta (L)

Engine version:
15.11.27.23

File size:
258.2 KB (264,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\screensnapshottool\1.0.1.10301\report.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
4/26/2015 8:00:00 PM

Valid to:
4/26/2016 7:59:59 PM

Subject:
CN=qiusheng xie, OU=Individual Developer, O=No Organization Affiliation, L=深圳市, S=广东省, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C70F2B2B6E352094A12BA8665D3A9D1

File PE Metadata
Compilation timestamp:
6/15/2015 5:07:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ZMRtSBJFF9kXa/WJnLeHTXR0TXR6WErS4Ssv:ZgSBJFrcyWJnKH44Bv

Entry address:
0x20140

Entropy:
6.4829

Code size:
197.5 KB (202,240 bytes)

The executing file has been seen to make the following network communications in live environments.

