xm.exe

Wellbia.com Co., Ltd.

The executable xm.exe has been detected as malware by 10 anti-virus scanners.
Publisher:
Wellbia.com Co., Ltd.  (signed and verified)

MD5:
e3da0de77f6e5617809181f700957134

SHA-1:
857047d8b1234935b110eba4354ed275b5652e1e

SHA-256:
3a8a028f4e7d252c5b56262ffb3cac6a812b719eb8309aeaaf8f98adf8621c86

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
5/27/2024 4:59:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:GenMalicious-BFP [Trj] | 160518-2 |
| AVG | Win32/Floxif.A | 2015.0.4591 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191 |
| ESET NOD32 | Win32/Floxif.H virus | 7.0.302.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!E3DA0DE77F6E | 18.0.204.0 |
| Norman | Win32.Floxif.A | 28.05.2016 15:32:18 |

File size:
412.8 KB (422,725 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\garenapbth\gamedata\apps\pbth\xigncode\xm.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/15/2016 12:00:00 AM

Valid to:
4/15/2018 11:59:59 PM

Subject:
CN="Wellbia.com Co., Ltd.", O="Wellbia.com Co., Ltd.", L=Guro-Gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
23F0ACD9C1BFFED5078AB10F9F39DC07

File PE Metadata
Compilation timestamp:
4/1/2016 12:29:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ROjvXYLdEJ+jQ1i6B4ZphYZM1qtLWTenQsQvMRlkM4RD/qzMfUhaJ:yvIeYjXFDTxMRGM4h/qofx

Entry address:
0x609B

Entry point:
E9, D3, 43, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, 58, AC, 41, 00, 83, 3C, F5, 0C, 92, 41, 00, 01, 75, 1E, 8D, 04, F5, 08, 92, 41, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, E8, AC, 9B, 00, 00, 59, 59, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D2, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 08, 92, 41, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, E8, 50, 41, 00, 56, BE, 08, 92, 41, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 50, DF, FF, FF, 83, 26, 00, 59, 83, C6...
Entropy:
7.4350

Packer / compiler:
Xtreme-Protector v1.05

Code size:
79 KB (80,896 bytes)
