» XQSCHOOL.EXE
Overview
Analysis
File Details

XQSCHOOL.EXE

XiangQi School of Witchcraft and Wizardry II

Shanghai Xianqu Info-Tech Co., Ltd.

File name:

XQSCHOOL.EXE

Publisher:

www.xqbase.com (signed by Shanghai Xianqu Info-Tech Co., Ltd.)

Product:

XiangQi School of Witchcraft and Wizardry II

Version:

5.40

MD5:

1cc9719c474592f6061fcc7c399560bd

SHA-1:

f1b5f0723eae8c7108117354f31a788e2ef955bf

SHA-256:

613fde3420e2cc4b1536f4ed2630a46b459070c24e9af460258429579b50a61c

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/27/2024 9:56:21 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.141029

Vba32 AntiVirus

BScope.Trojan.Diple

3.12.24.3

File size:

992.2 KB (1,016,016 bytes)

Product version:

5.40

Trademarks:

www.xqbase.com

Original file name:

XQSCHOOL.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\xqwizard\xqschool.exe

Digital Signature

Signed by:

Shanghai Xianqu Info-Tech Co., Ltd.

Authority:

COMODO CA Limited

Valid from:

12/17/2013 8:00:00 AM

Valid to:

12/18/2014 7:59:59 AM

Subject:

CN="Shanghai Xianqu Info-Tech Co., Ltd.", O="Shanghai Xianqu Info-Tech Co., Ltd.", STREET="Room 107, Building 1, Sub-Lane 88,", STREET="Lane 3509, South Hongmei Road", L=Minhang, S=Shanghai, PostalCode=201108, C=CN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AB1111E985161DDC34C713C99C026C1D

File PE Metadata

Compilation timestamp:

12/17/2013 11:33:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:QIBv1aU3HRgQw3s42UhsxtLDhJ8a9mA+wiC5qEnUJGMQy54eFaRo065LM+:QIB9fsfjSxtT8akA+w7Zq54eFio065g+

Entry address:

0x2B44

Entry point:

68, 6C, 2C, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 0B, 19, 63, 37, 17, E9, 61, 4F, 8C, CF, 19, 5B, 9E, D0, 93, 39, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 6F, 72, 64, 65, 72, 70, 72, 6A, 58, 51, 53, 63, 68, 6F, 6F, 6C, 00, 20, 20, 33, 20, 00, 00, 00, 00, 01, 00, 04, 00, E0, CA, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, F4, CB, 40, 00, D0, 40, 4E, 00, 00, 00, 00, 00, 18, B8, 1E, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.2229

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

908 KB (929,792 bytes)

Scan XQSCHOOL.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.