» xuanfeng.exe
Overview
Analysis
File Details
Behaviors (1)

xuanfeng.exe

睢宁华多网络科技有限公司

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Ðý·çÓ°Òô’.

File name:

xuanfeng.exe

Publisher:

旋风影音 (signed by 睢宁华多网络科技有限公司)

Product:

旋风影音

Version:

3.0.1.0

MD5:

3c4b3316ac703d56b4e433528c24acab

SHA-1:

e1931f43c4184e42726fad304816057a83da7c8c

SHA-256:

0e86548b1eb7dcb351d1c7c55cf3fd5e72f02bd0ff6190c09752598f04dc05d7

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

7/10/2025 4:09:20 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Total Defense

Win32/Oflwr.A!crypt

37.0.11277

File size:

1.4 MB (1,493,456 bytes)

Product version:

3.0.1.0

http://www.xuanfeng.com

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Digital Signature

Signed by:

睢宁华多网络科技有限公司

Authority:

WoSign CA Limited

Valid from:

4/2/2014 1:50:33 PM

Valid to:

4/3/2015 1:50:33 PM

Subject:

CN=睢宁华多网络科技有限公司, E=xuanfengcom@hotmail.com, O=睢宁华多网络科技有限公司, L=徐州市, S=江苏省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

14D4BFE554ED0607FECDC83BC1BF5495

File PE Metadata

Compilation timestamp:

4/9/2014 12:08:09 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:3q7Q89ApGwDaJJtew1KMFiP3ipNNc1Pcx0Zprrq9b9VVNxXpooX+njwn+Xz46aKZ:3q/N2PcyZprrq9bTpXWZ

Entry address:

0x5AB9C

Entry point:

E8, EB, 68, 00, 00, E9, 9A, FE, FF, FF, B8, B2, 1F, 46, 00, A3, 10, 06, 55, 00, C7, 05, 14, 06, 55, 00, C6, 16, 46, 00, C7, 05, 18, 06, 55, 00, 7A, 16, 46, 00, C7, 05, 1C, 06, 55, 00, B3, 16, 46, 00, C7, 05, 20, 06, 55, 00, 1C, 16, 46, 00, A3, 24, 06, 55, 00, C7, 05, 28, 06, 55, 00, 2A, 1F, 46, 00, C7, 05, 2C, 06, 55, 00, 38, 16, 46, 00, C7, 05, 30, 06, 55, 00, 9A, 15, 46, 00, C7, 05, 34, 06, 55, 00, 27, 15, 46, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, DB, 73, 00, 00, DB... 
[+]

Entropy:

5.7743

Code size:

507 KB (519,168 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Ðý·çÓ°Òô

Command:

C:\xuanfeng\xuanfeng.exe auto

Scan xuanfeng.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.