home

thunder5.exe

Thunder5

ShenZhen Thunder Networking Technologies Ltd.

Publisher:
ShenZhen Thunder Networking Technologies,LTD  (signed by ShenZhen Thunder Networking Technologies Ltd.)

Product:
Thunder5

Description:
Thunder

Version:
5,8,12,689

MD5:
7dc48a12f569a2785a7b7eaa6f83da5f

SHA-1:
1e0ea00f0d91839f9c45c1a7533f14238441fbd1

SHA-256:
758d4e58f0592160cf1a00b0b533b3524689e1db9e462c569ac92c8f3a578339

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 12:42:06 AM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Win32.BrokenEmbeddedSignature
3.12.10.2

File size:
2.4 MB (2,532,888 bytes)

Product version:
5,8,12,689

Copyright:
Copyright (c) 2003-2009 Thunder Networking Technologies,LTD

Trademarks:
Xunlei

Original file name:
Thunder5

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
ShenZhen Thunder Networking Technologies Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/26/2006 8:00:00 AM

Valid to:
6/1/2009 7:59:59 AM

Subject:
CN=ShenZhen Thunder Networking Technologies Ltd., OU=Department of System Engineering, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShenZhen Thunder Networking Technologies Ltd., L=ShenZhen, S=GuangDong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DC309C2ED0EE43509FC8BD868BC4CFD

File PE Metadata
Compilation timestamp:
3/12/2009 9:48:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:VqUcwFB7aVfw7nskiw3U+RBhOkzlqAYe00/J/fhTiDq6IjlwHoz2qM1PJvX5+Anx:3cw/7h7n57hOEsA7pZDwnx1kGhCDyG+

Entry address:
0xD9890

Entry point:
55, 8B, EC, 6A, FF, 68, 70, 10, 50, 00, 68, 6C, 98, 4D, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 20, C1, 52, 00, 59, 83, 0D, 14, 95, 52, 00, FF, 83, 0D, 18, 95, 52, 00, FF, FF, 15, 48, C2, 52, 00, 8B, 0D, FC, 93, 52, 00, 89, 08, FF, 15, 44, C2, 52, 00, 8B, 0D, F8, 93, 52, 00, 89, 08, A1, 40, C2, 52, 00, 8B, 00, A3, 10, 95, 52, 00, E8, F2, 01, 00, 00, 39, 1D, 30, 47, 52, 00, 75, 0C, 68, EE, 9A, 4D, 00, FF, 15, 3C, C2...
 
[+]

Entropy:
6.7966

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
952 KB (974,848 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to yz238.net117104056.thn.ne.jp  (117.104.56.238:51841)

TCP:
Connects to www123.asd.tj.cn  (221.196.223.123:10266)

TCP:
Connects to usr007.bb737-01.uaj.im.wakwak.ne.jp  (61.45.87.169:49155)

TCP (HTTP):
Connects to tracker.publicbt.com  (31.172.63.225:80)

TCP (HTTP):
Connects to tracker.openbittorrent.com  (31.172.63.252:80)

TCP:
Connects to softbank126114062154.bbtec.net  (126.114.62.154:16299)

TCP:
Connects to softbank126091089221.bbtec.net  (126.91.89.221:16107)

TCP:
Connects to softbank126050053171.bbtec.net  (126.50.53.171:11424)

TCP:
Connects to softbank126029254159.bbtec.net  (126.29.254.159:62247)

TCP:
Connects to softbank126007235197.bbtec.net  (126.7.235.197:12068)

TCP:
Connects to softbank126004091194.bbtec.net  (126.4.91.194:51413)

TCP:
Connects to reverse.gdsz.cncnet.net  (58.251.28.197:14424)

TCP:
Connects to PPPbf299.hokkaido-ip.dti.ne.jp  (210.170.202.49:15777)

TCP:
Connects to ppp-61-90-53-209.revip.asianet.co.th  (61.90.53.209:64426)

TCP:
Connects to ppp-58-9-161-2.revip2.asianet.co.th  (58.9.161.2:6881)

TCP:
Connects to pdf8714bb.aicint01.ap.so-net.ne.jp  (223.135.20.187:23848)

TCP:
Connects to pcd562177.netvigator.com  (218.102.94.177:20533)

TCP:
Connects to pcd551093.netvigator.com  (218.102.83.93:16367)

TCP:
Connects to p850fb7.tokynt01.ap.so-net.ne.jp  (223.133.15.183:8269)

TCP:
Connects to p4098-ipngn2201marunouchi.tokyo.ocn.ne.jp  (180.0.193.98:25202)

Scan thunder5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.