xf_qb_1800.exe

Xuanfeng Yingyin installer (旋风影音安装程序)

Shanghai Digital Century Network Co.,Ltd.

The application xf_qb_1800.exe by Shanghai Digital Century Network Co.,Ltd. has been detected as a potentially unwanted program by 11 anti-malware scanners.
Publisher:
www.xuanfeng.com  (signed by Shanghai Digital Century Network Co.,Ltd.)

Product:
Xuanfeng Yingyin installer (旋风影音安装程序)

Version:
2.8.0.0

MD5:
200a83d98f8d618b6e33d86f8c4de98d

SHA-1:
935a66f94acb79d75b2a91ef070a506fa29a8b4f

SHA-256:
2c3134f7c95fa0600d4ce1259852281b31da4574c27417e29d67b6129121900d

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 10:41:32 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Agent.3159600 | 7.11.214.168
Comodo Security | Packed.Win32.MUPX.Gen | 21332
ESET NOD32 | Win32/FlyStudio.Packed.AD potentially unwanted (variant) | 9.11285
Fortinet FortiGate | W32/OnLineGames.AJN!tr | 10/26/2015
K7 AntiVirus | Trojan | 13.200.15187
Kaspersky | Packed.Multi.MultiPacked | 14.0.0.1217
McAfee | Flyagent | 5600.6600
Panda Antivirus | Trj/OCJ.F | 15.10.26.01
Rising Antivirus | PE:Packer.Win32.Agent.g!1075137382 | 23.00.65.151024
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 38222

File size:
3 MB (3,159,600 bytes)

Product version:
2.8.0.0

Copyright:
www.xuanfeng.com All rights reserved (版权所有)

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\users\{user}\downloads\xf_qb_1800.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/14/2013 8:00:00 AM

Valid to:
6/15/2014 7:59:59 AM

Subject:
CN="Shanghai Digital Century Network Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai Digital Century Network Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A9614A6E69B814BF05CB1C6A3F266EE

File PE Metadata
Compilation timestamp:
3/22/2014 12:44:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:d4NSyt5RP96HVfoSvfiydJ9/RePT+qEn39TQSowNjczKOluUCVa+1RiZiq6FL:XytT9oV96ydb/7n3acNjvU+1sZL6R

Entry address:
0xE61024

Entry point:
F9, EB, 09, 86, 9D, D9, 12, 4B, E1, 91, 9D, D4, 60, 72, 06, BD, 95, D5, 2F, 80, 64, E8, 04, 00, 00, 00, D4, E8, 64, FC, 5B, EB, 04, 6D, 27, 6D, EC, 81, C3, C2, FF, FF, FF, EB, 05, 34, 7E, 50, B9, 15, 83, 3B, 00, F8, 73, 06, D8, A0, 31, F1, C6, BD, 0F, 84, 85, 00, 00, 00, 73, 02, A3, 94, 8B, FB, 73, 09, 01, FB, 8F, BC, 2A, F1, 9B, 0E, 0D, 83, C3, 04, EB, 0A, AD, 9B, 67, 2E, 86, E7, 37, E1, 40, 7B, 8B, 13, EB, 03, 84, 9A, E8, 03, D3, F9, 72, 07, C8, 00, 30, 8A, 70, D0, A8, 8B, 43, 04, EB, 06, C7, 03, A3, 35...
Entropy:
7.9965  (probably packed)

Code size:
3 MB (3,117,568 bytes)
