xscipiydgkfzjhre.exe

Kakasoft Software Co. Ltd

Publisher:
Kakasoft Software Co. Ltd  (signed and verified)

MD5:
8924ea6027716f056484f6e1ab653c27

SHA-1:
426fb6a40e384257232de592e0879486566d7ff9

SHA-256:
36a4c02675eb79a9d3eb71dfd9d807af8dffec0068b51dab09064411f3eabf32

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 12:32:42 PM UTC

Scan engine | Detection | Engine version
Comodo Security | TrojWare.Win32.Amtar.KNB | 23628
ESET NOD32 | Win32/Packed.NoobyProtect.P suspicious (variant) | 9.12601
Fortinet FortiGate | W32/SfEngine.A!tr | 11/22/2015
Malwarebytes | Trojan.Agent.Gen | v2015.11.22.05
McAfee | Trojan-FDFO!8924EA602771 | 5600.6574

File size:
1.2 MB (1,264,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\rarsfx4\xscipiydgkfzjhre.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/3/2013 8:00:00 AM

Valid to:
12/4/2015 7:59:59 AM

Subject:
CN=Kakasoft Software Co. Ltd, OU=技术, O=Kakasoft Software Co. Ltd, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
77E7C983522AB4D10B652160EF47864C

File PE Metadata
Compilation timestamp:
11/13/2015 5:30:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:PTaJvxnQ8RBUhkGACF6hivI0doxUjlUPD+ecpNI4WDnVEpUeqFwqq:PTa968Ah1f6idNUlcpN/WDnV3Fwx

Entry address:
0x196A1B

Entry point:
E8, 21, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 44, 65, 6D, 6F, 20, 76, 31, 2E, 38, 2E, 30, 2E, 30, 00, 8D, 64, 24, 04, 60, 64, 8B, 05, 30, 00, 00, 00, 8B, 40, 0C, 8B, 40, 1C, 8B, 00, 8B, 40, 08, 50, E9, 0E, FF, FF, FF, 59, DB, 4B, 2E, DD, 32, AA, 25, B5, DC, 2F, D9, A5, 35, A5, CC, 3F, D5, 5A, CF, 5F, 3A, C9, 22, 38, A8, 3E, 59, A8, 0F, C5, 54, CA, AD, 5C, 9F, 7D, E9, 79, 18, EB, 0B, 8F, 18, 8E, E9, 18, F2, 21, BB, 2B, 4E, BD, 53, 13, 86, 14, 73, 8E, 29, 07...
 

Entropy:
7.5244

Scan xscipiydgkfzjhre.exe - Powered by Reason Core Security