20130228141436-naver_toolbar.exe

네이버 툴바

NHN corp.

This is a setup program which is used to install the application. The file has been seen being downloaded from appdown.naver.com.
Publisher:
NHN corp.  (signed and verified)

Product:
네이버 툴바

Version:
4.0.15.232

MD5:
2ab84fa59d5aa529fa9a4e706a55b147

SHA-1:
053a191e4cd20f8690cea7feee6305c560712e09

SHA-256:
1d54b6dbe724d1fa86696dbb75ba21935dee3d198f040aa4c56ca192b0f5381b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 6:12:46 PM UTC  (today)

File size:
4.1 MB (4,278,280 bytes)

Product version:
4.0.15.232

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\20130228141436-naver_toolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/30/2012 9:00:00 AM

Valid to:
1/30/2015 8:59:59 AM

Subject:
CN=NHN corp., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NHN corp., L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3462054A5EFE7545487F4F1548708CB4

File PE Metadata
Compilation timestamp:
10/8/2010 2:00:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:KrXZMj+Kbr5xCOcE4PMIP+FC4bY2e71kN4l+xEEQi3:KrXZMjpr51X4PMIP/4blB4tEQi3

Entry address:
0xAEBA

Entry point:
E8, DD, 31, 00, 00, E9, 17, FE, FF, FF, E9, 04, 18, 00, 00, 51, C7, 01, 50, BB, 41, 00, E8, 5B, 32, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, D8, FF, FF, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, 9C, 32, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, FF, 35, 18, 1C, 42, 00, E8, F5, 2B, 00, 00, 85, C0, 59, 74, 02, FF, D0, 6A, 19, E8, 1A, 20, 00, 00, 6A, 01, 6A, 00, E8, EB, 33, 00, 00, 83, C4, 0C, E9, F0, 32, 00, 00, 56, 6A...
 
[+]

Entropy:
7.9346  (probably packed)

Code size:
100 KB (102,400 bytes)

The file 20130228141436-naver_toolbar.exe has been seen being distributed by the following URL.

Scan 20130228141436-naver_toolbar.exe - Powered by Reason Core Security