12-울타리11378_setup.exe

raonmedia

The application 12-울타리11378_setup.exe by raonmedia has been detected as a potentially unwanted program by 7 of the 68 anti-malware scanners used. It is a self-extracting archive and installer of a kind known to bundle potentially unwanted software. The file has been seen being downloaded from cfile235.uf.daum.net and multiple other hosts.
Publisher:
raonmedia  (signed and verified)

MD5:
5a93ac05bcc01125a936ca0fc41e356e

SHA-1:
83e07eb36aac724be2c2191ada223c3382e5e1e5

SHA-256:
c214df7f160ca7d26c53c228ed109619ac0935211bcc8a26ea50cc68a6183a75

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:02:56 AM UTC

Scan engine          Detection                               Engine version
AVG                  Generic                                 2015.0.3456
McAfee               Artemis!5A93AC05BCC0                    5600.7112
Reason Heuristics    PUP.Installer.raonmedia.R               14.6.1.20
Sophos               Raon Media Downloader                   4.98
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h    3.12.26.0
VIPRE Antivirus      Trojan.Win32.Generic                    29814
ViRobot              Adware.Agent.403888                     2011.4.7.4223

File size:
394.4 KB (403,888 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
raonmedia
Authority:
Thawte, Inc.

Valid from:
10/16/2012 9:00:00 AM

Valid to:
12/16/2013 8:59:59 AM

Subject:
CN=raonmedia, OU=Dev Team, O=raonmedia, L=Suyeong-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5FC2DE72EA6052BCACCB8BEA3BE6A522

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM
(This is the fixed TimeDateStamp 0x2A425E19 that the Delphi linker writes into every binary it produces, i.e. 1992-06-19 22:22:17 UTC rendered here in a UTC+9 zone. It says nothing about when the file was actually built; the linker version 2.25 below is likewise Delphi's.)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:vhlpH6mBjwMQJHTu0Fqgi8aspJOSLXWC98ltwPWf:vvZ6m5baW8xLLEfiWf

Entry address:
0x1034F0

Entry point:
60, BE, 00, A0, 4A, 00, 8D, BE, 00, 70, F5, FF, C7, 87, 9C, F0, 0C, 00, 08, 02, 00, 26, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Entropy:
7.8095

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22 (Delphi) stub

Code size:
360 KB (368,640 bytes)
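The indicators above (three hashes, entropy 7.8095, a UPX/Delphi stub at the entry point, a 1992 compilation timestamp) are the things a practitioner checks on a local copy before trusting the rest of the report. The script below is an added example, not code from the report or from Reason Core Security: it compares a sample's hashes with the ones listed here, measures byte entropy, recognises the UPX stub prologue (PUSHAD; MOV ESI, imm32; LEA EDI, [ESI+disp32]) in the listed entry bytes and decodes the source and destination addresses the stub encodes, and flags the fixed Delphi timestamp. The entry bytes embedded in it are the first 32 listed on this page; the reading of 0x00401000 as the start of the first section assumes the default image base 0x400000, which the report does not state.

```python
"""Offline triage of the indicators in a scan report like this one.

Added example; not part of the report and not Reason Core Security code.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes the report lists for 12-울타리11378_setup.exe.
REPORTED_HASHES = {
    "md5": "5a93ac05bcc01125a936ca0fc41e356e",
    "sha1": "83e07eb36aac724be2c2191ada223c3382e5e1e5",
    "sha256": "c214df7f160ca7d26c53c228ed109619ac0935211bcc8a26ea50cc68a6183a75",
}

# PE TimeDateStamp the Delphi linker writes into every binary it produces:
# 0x2A425E19 = 1992-06-19 22:22:17 UTC. It carries no build-time information.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

# First 32 entry-point bytes from the report (constructed input for this
# example; the rest of the stub is not reproduced here).
ENTRY_BYTES = bytes.fromhex(
    "60BE00A04A008DBE0070F5FFC7879CF00C00080200265783CDFFEB0E90909090"
)


def compute_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_hashes(data: bytes, reported: dict) -> dict:
    """Per-algorithm match between a local sample and the reported hashes."""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in reported.items()}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 to 8.0; values near 7.8 indicate packing."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_upx_stub(entry: bytes) -> bool:
    """60 = PUSHAD, BE imm32 = MOV ESI, 8D BE disp32 = LEA EDI,[ESI+disp32]."""
    return (len(entry) >= 12 and entry[0] == 0x60 and entry[1] == 0xBE
            and entry[6:8] == b"\x8d\xbe")


def upx_stub_addresses(entry: bytes) -> tuple:
    """(packed-data source VA, unpack destination VA) encoded in the stub."""
    if not looks_like_upx_stub(entry):
        raise ValueError("entry bytes do not start with the UPX stub prologue")
    src = struct.unpack_from("<I", entry, 2)[0]     # MOV ESI, imm32
    delta = struct.unpack_from("<I", entry, 8)[0]   # LEA EDI, [ESI+disp32]
    return src, (src + delta) & 0xFFFFFFFF


def timestamp_to_utc(ts: int) -> str:
    """Render a PE TimeDateStamp as a UTC string."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def is_delphi_fixed_timestamp(ts: int) -> bool:
    """True when the stamp is Delphi's constant rather than a build time."""
    return ts == DELPHI_FIXED_TIMESTAMP


def triage(data: bytes, entry: bytes, timestamp: int, reported=REPORTED_HASHES) -> dict:
    """Run every check on a sample and return one summary dictionary."""
    stub = looks_like_upx_stub(entry)
    src, dst = upx_stub_addresses(entry) if stub else (None, None)
    return {
        "hashes_match": verify_hashes(data, reported),
        "entropy": round(shannon_entropy(data), 4),
        "upx_stub": stub,
        "upx_src": src,
        "upx_dst": dst,
        "timestamp_utc": timestamp_to_utc(timestamp),
        "timestamp_is_delphi_constant": is_delphi_fixed_timestamp(timestamp),
    }


if __name__ == "__main__":
    import sys
    # With a path, hash the real file; without one, run on the embedded bytes.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ENTRY_BYTES
    print(triage(data, ENTRY_BYTES, DELPHI_FIXED_TIMESTAMP))
```

On the listed entry bytes the stub decodes to source 0x004AA000 and destination 0x00401000, i.e. the packed payload is copied down to the first section of the image, which is exactly how UPX lays out UPX0/UPX1; the hash comparison only succeeds on the actual 403,888-byte file, never on the embedded fragment.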

The file 12-울타리11378_setup.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to ec2-52-3-176-101.compute-1.amazonaws.com  (52.3.176.101:443)

Remove 12-울타리11378_setup.exe - Powered by Reason Core Security