GridinSoft Threat Intelligence

yMBpX5.9Mk file report

File reputation report (under review)
MD5 c6d182150ec67b517d803d75e6e48fb4
Latest seen 2022-10-01 23:40:28 (3 years ago)
First seen 2017-05-21 21:05:20 (9 years ago)
Size 155 KB
Publisher Tencent
Product QQ电脑管家

Why it matters

Evidence available for this file

Detection

No final classification is available yet.

Timeline

First seen 2017-05-21 21:05:20 (9 years ago); latest analysis 2022-10-01 23:40:28 (3 years ago).

Publisher context

Company metadata: Tencent. Product metadata: QQ电脑管家.

Digital signature

Signed by Tencent Technology(Shenzhen) Company Limited. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Use the hash and metadata below to verify the exact file identity.
  2. Review publisher, signature, paths, and PE details for inconsistencies.
  3. Run a local scan if the file appears unexpectedly or starts with Windows.

yMBpX5.9Mk is a Windows file recorded in the ThreatInfo database. It is associated with QQ电脑管家. The reported company name is Tencent. The current detection status is Undefined, based on the latest analysis from 2022-10-01 23:40:28 (3 years ago).

ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.

Product Name: QQ电脑管家
Company Name: Tencent
MD5: c6d182150ec67b517d803d75e6e48fb4
Size: 155 KB
First Published: 2017-05-21 21:05:20 (9 years ago)
Latest Published: 2022-10-01 23:40:28 (3 years ago)
Status: Undefined (on last analysis)
Analysis Date: 2022-10-01 23:40:28 (3 years ago)

The signature on yMBpX5.9Mk is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%appdata%\tencent\common
%system%\config\systemprofile\appdata\roaming\tencent\common
%commonappdata%\tencent\qq\report
%sysdrive%\adwcleaner\quarantine\files\axonnimseoxrennphrokpkxtynabcnlu\qq\report
%sysdrive%\adwcleaner\quarantine\files\xgilvmuhaqnevthsumzhmqamqishyanu\common
%programfiles%\tencent\qq\bin
%sysdrive%\programdata
%appdata%
%localappdata%\virtualstore\windows\syswow64
%localappdata%\virtualstore\windows

ThreatInfo has observed yMBpX5.9Mk in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Windows 10 75.6%
Windows 7 18.8%
Windows 8.1 2.3%
Windows Server 2008 R2 1.1%
Windows Server 2012 R2 1.1%
Windows 8 0.6%
Windows Server 2016 0.2%
Windows Server 2012 0.1%
Windows XP 0.1%
Windows Vista 0.1%

The most common operating system signal for yMBpX5.9Mk is Windows 10 with 75.6% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

yMBpX5.9Mk is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 32-bit
Subsystem Windows GUI
Entry point 0x0005abc0
Image base 0x10000000

PE Sections:

Sections 3
Raw data 144896

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

UPX0: 0 bytes · 0.0% of section data
  Packer marker; Uncommon name
  MD5 00000000000000000000000000000000
UPX1: 142848 bytes · 98.6% of section data
  Packer marker; Uncommon name
  MD5 b99482da59329447b43f968f77801ff8
.rsrc: 2048 bytes · 1.4% of section data
  MD5 2055b3dce03b2afa5284f5ac62f4305a

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

This file is still under review

ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.

Recommended next steps

  • Compare the local file MD5 with c6d182150ec67b517d803d75e6e48fb4.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan if the source, path, or behavior looks unusual.