File Name | 点我安装.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
Scanner Version | 1.0.190.174 |
Database Version | 2024-09-22 10:00:29 UTC |
Malware family: Kaobeitu
Hash Type | Value |
---|---|
MD5 | 7b737b7103fbc05d24e47014031b9e33 |
SHA1 | ed1166e1093eedeb4d826b71c2be28eac0d14a23 |
SHA256 | 0387079f0a7d63a81d19c9709a90bb8d3328cf5b24e5fd7a01462556fb63c6d4 |
SHA512 | e32e3382333bed217110860422fdac2f381aa961005f0718e364ff00b23e835ab7d3e00048585a4fbc69ba9a85e6d1a34b7ea29d1a6472880567f0e83dee32dd |
ImpHash | fb79ab7cb954bfd8ace3b0b0e84d9a5a |
Icon | Hash: 66e6ef178be4350d2fe094e0e21e3170; Fuzzy: d72e992630861bc8c3a4b7b364b2f949; dHash: f8e4c2d2e0b8d8e0 |
Image Base | 0x00400000 |
Entry Point | 0x00529150 |
Compilation Time | 2016-01-07 02:17:39 |
Checksum | 0x00185078 (Actual: 0x00185078) |
OS Version | 5.0 |
PEiD Signatures | PE32 executable (GUI) Intel 80386, for MS Windows |
Digital Signature | OK |
Imports | 12 libraries |
Exports | 0 functions |
Resources | 59 Resources |
Sections | 9 Sections |
CompanyName | 上饶市风云网络科技有限公司 |
FileDescription | 91游戏安装程序 |
FileVersion | 1.0.0.0 |
LegalCopyright | Copyright(c) Jr.Software. All rights reserved. |
ProductName | 91游戏安装程序 |
ProductVersion | 1.0.0.0 |
Translation | 0x0804 0x03a8 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 1,206,068 bytes | 1,206,272 bytes | 6.52 (Compressed) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | E77EDC3097343EC840F1DE27AE4A6FD5 |
.itext | 0x00128000 | 4,972 bytes | 5,120 bytes | 5.96 (Normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 161B72B33B1DFBFF8F133FE90914C121 |
.data | 0x0012a000 | 29,180 bytes | 29,184 bytes | 6.04 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 67806B9D86E8B4D77F47DEC3E35A3876 |
.bss | 0x00132000 | 26,016 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
.idata | 0x00139000 | 14,784 bytes | 14,848 bytes | 5.26 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 454A5F42594032D7C78BD74953CFA030 |
.tls | 0x0013d000 | 60 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
.rdata | 0x0013e000 | 24 bytes | 512 bytes | 0.21 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | A64BC09D0A1638DD4FCB8F113ED4C21C |
.reloc | 0x0013f000 | 71,992 bytes | 72,192 bytes | 6.71 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | CD00C244F85711689D623690A2AD1A01 |
.rsrc | 0x00151000 | 233,552 bytes | 233,984 bytes | 6.83 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2070AA0D3986360C6F85DCC7543DC33D |
3 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_CURSOR | 7 | 2,156 bytes | |
RT_BITMAP | 2 | 1,488 bytes | |
RT_ICON | 9 | 25,064 bytes | |
RT_STRING | 18 | 14,924 bytes | |
RT_RCDATA | 13 | 183,933 bytes | |
RT_GROUP_CURSOR | 7 | 140 bytes | |
RT_GROUP_ICON | 1 | 132 bytes | |
RT_VERSION | 1 | 624 bytes | |
RT_MANIFEST | 1 | 1,580 bytes | |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Gridinsoft has the capability to identify and eliminate Adware.Win32.Kaobeitu.vl!c without requiring further user intervention.
Follow these steps to completely remove the threat from your system