subjected會員版5.1.2.exe

Project1

This is a setup program which is used to install the application. The file has been seen being downloaded from doc.google.com.
Product:
Project1

Version:
1.00

MD5:
7cd40006e4cf41688a328d74445a0dba

SHA-1:
145e1b59b9a6064202bd61f8eca35668b813bfe1

SHA-256:
2357b8b3ae20cc4bb587001447ed788f8a9a7d6aca4dcad542d73e9736bcbaa5

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/29/2024 6:09:10 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.3.4 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-160516 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16516 |
| Bkav FE | HW32.Packed | 1.3.0.8017 |
| Qihoo 360 Security | HEUR/QVM16.0.0000.Malware.Gen | 1.0.0.1120 |
| Quick Heal | (Suspicious) - DNAScan | 5.16.14.00 |

File size:
196 KB (200,704 bytes)

Product version:
1.00

Original file name:
tales runner.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\subjected會員版5.1.2.exe

File PE Metadata
Compilation timestamp:
5/9/2016 11:40:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:usd4dfqYHoa9kqhI1q6g7IvEfEagFrSsVblWv8VTyqP9yCg3/c5V:H4NrXIwFCEc7FusVxc8NsCj

Entry address:
0x85352

Entry point:
68, 01, 48, 23, CA, E8, E4, 73, 02, 00, 68, 01, 4A, C0, D5, E8, 1E, 76, 02, 00, 83, 71, E3, E4, F5, 55, 8D, 64, 24, 34, 0F, 84, 28, 70, 02, 00, 54, 11, C9, 68, FA, 4D, 58, 15, 8D, 64, 24, 08, E9, 9C, FD, FF, FF, 00, 00, 5F, 5F, 76, 62, 61, 4C, 73, 65, 74, 46, 69, 78, 73, 74, 72, 00, 70, 8D, 08, 0B, 6E, F9, E4, 47, 5A, AD, 88, D3, 46, C3, 5B, 26, 6B, BD, 6D, 28, E3, 38, 4A, 0F, 91, C0, AC, 60, E9, 73, 6F, 02, 00, 00, 00, 5F, 5F, 76, 62, 61, 4C, 65, 6E, 42, 73, 74, 72, 00, 00, 00, 5F, 5F, 76, 62, 61, 53, 65...

Entropy:
7.7139

Packer / compiler:
ASProtect v1.2

Code size:
696 KB (712,704 bytes)

The file subjected會員版5.1.2.exe has been seen being distributed by the following URL.