» yisu7_downloader.exe
Overview
Analysis
File Details
Behaviors (1)

yisu7_downloader.exe

BitCometLite

Beijing Gamebar Entertainment Co.,Ltd.

File name:

Publisher:

www.BitComet.com (signed by Beijing Gamebar Entertainment Co.,Ltd.)

Product:

BitCometLite

Version:

1.9

MD5:

66d88c1a6fc4f4d68d405516b46f292d

SHA-1:

a4eed17f948ac53e0dd5a4bf222cc9bf22f341cc

SHA-256:

d24b67d80cce0ace752125de3113f01ff1a312aad933eb0e42393156a50ca443

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/25/2024 7:37:58 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.DownLoader9.60811

9.0.1.05190

McAfee

Artemis!66D88C1A6FC4

5600.6326

File size:

1.7 MB (1,780,592 bytes)

Product version:

1.28

Original file name:

BitCometLite.exe

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Beijing Gamebar Entertainment Co.,Ltd.

Authority:

WoSign, Inc.

Valid from:

6/20/2011 8:00:00 AM

Valid to:

6/20/2013 7:59:59 AM

Subject:

CN="Beijing Gamebar Entertainment Co.,Ltd.", OU=WoSign Class 3 Code Signing, O="Beijing Gamebar Entertainment Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

00DA9AAB1DF23493D98357DCB69CA015B7

File PE Metadata

Compilation timestamp:

5/26/2011 12:56:49 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:0yXWyJyYKLf1soTQG3HPMw0s0pwQxqXIf7uMP4dT:0yiYKLu1G3HUJoTy7uyM

Entry address:

0x1000

Entry point:

B8, E8, 75, A5, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 65, F9, 08, F7, 1B, D6, 8A, 25, 4B, 91, D7, 2A, 7E, FD, 67, CB, B1, 85, 4A, 93, 58, 53, FF, 11, 2C, CD, 9E, 5A, FB, 8F, 65, 1B, 81, E0, 62, 6E, 3E, 45, 30, F1, 50, E1, 73, 07, 99, 20, 34, 02, DB, 9C, 6F, 87, 23, 34, 53, B7, B5, 07, 7B, C8, 39, F9, AA, B7, 35, DF, E2, 1B, 0A, 81, AC, 16, B1, 3F, 8B, 05, 8B, 9E, 8E, 33, 84, 9E, 52, 88, 6F, FA, BE, CF, CB, C9, 9B, 06, DA... 
[+]

Entropy:

7.9935

Packer / compiler:

PECompact v2

Code size:

3.4 MB (3,540,992 bytes)

Windows Firewall Allowed Program

Name:

yisu7_downloader.exe

Scan yisu7_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.