tbzs-com.taobao.reader-.exe

TaoBao(china) Software Co., Ltd

This is a setup program used to install the application. The file has been seen being downloaded from zs.app.taobao.com.
Publisher:
TaoBao(china) Software Co., Ltd  (signed and verified)

MD5:
961c956518769b49962d12d8cd17e4dc

SHA-1:
19eb34413f84cd2de5e8d008329da1c2366effa0

SHA-256:
50ea362f0e7fe9696d859b6e5f4f42b7f1c133690493a8e95323dd34c96f7b86

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/30/2024 7:27:47 AM UTC  (today)

File size:
11.6 MB (12,155,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tbzs-com.taobao.reader-.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/23/2012 8:00:00 AM

Valid to:
6/23/2014 7:59:59 AM

Subject:
CN="TaoBao(china) Software Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="TaoBao(china) Software Co., Ltd", L=HangZhou, S=ZheJiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
476AB70C913F23091F0B21B7416C5242

File PE Metadata
Compilation timestamp:
4/8/2014 11:36:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:sWHFsZnP64lMVNmdN75Qx+DutGoANHAT/fDHF0E5C+nQTwMnNpX92TW5f:ZiZnPblMDmX0+Di7CHszvtQTdpX9Lf

Entry address:
0x354BE

Entry point:
E8, A3, 05, 00, 00, E9, 6B, FD, FF, FF, FF, 25, 9C, 82, 43, 00, FF, 25, 88, 82, 43, 00, 6A, 14, 68, 48, 2F, 44, 00, E8, E0, 04, 00, 00, FF, 35, 58, 76, 44, 00, 8B, 35, F0, 80, 43, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, E0, 81, 43, 00, 59, EB, 64, 6A, 08, E8, 05, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 58, 76, 44, 00, FF, D6, 89, 45, E4, FF, 35, 54, 76, 44, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, F4, 80, 43, 00, FF, D6, 50, E8, CB, 05, 00, 00, 83...

Entropy:
7.9896  (probably packed)

Code size:
216.5 KB (221,696 bytes)

The file tbzs-com.taobao.reader-.exe has been seen being distributed by the following URL.
