home

4.exe

ALZip

ESTsoft Corp.

This is a setup program which is used to install the application. The file has been seen being downloaded from blogattach.naver.net and multiple other hosts.
Publisher:
ESTsoft Corp.

Product:
ALZip

Description:
ALZip Self Extractor

Version:
10, 12, 22, 0

MD5:
e27a733c71e6b11b16df52501f5c26a7

SHA-1:
d585ec2f98035a82c8e6fd5be13d870a5824d471

SHA-256:
94e6e3f8792150ab3e3c2c124d6c397622c79d027a8ca4e7231b4e1756ea86cd

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/8/2024 4:51:09 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.DR.Pakes
7.1.1

Bkav FE
W32.DownloaderQSG.Trojan
1.3.0.4959

McAfee
Artemis!E27A733C71E6
5600.7015

Vba32 AntiVirus
TrojanDropper.Pakes
3.12.26.3

Zillya! Antivirus
Dropper.Mudrop.Win32.4757
2.0.0.1911

File size:
783.9 KB (802,739 bytes)

Product version:
10, 12, 22, 0

Copyright:
Copyright (c) 1999 - present ESTsoft Corp. All right reserved.

Original file name:
EGGSFX.sfx

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/22/2010 4:01:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:vy3IOfH3h+3Yc9ifn6njKd4d+0vNxChdjd5gtLAjb1VBBJ6AWNbhRu4Ux:vy3FRHc9an6njo0IstkjbbBKg4Ux

Entry address:
0x81B10

Entry point:
60, BE, 00, 60, 45, 00, 8D, BE, 00, B0, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9725

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
176 KB (180,224 bytes)

The file 4.exe has been seen being distributed by the following 2 URLs.

http://blogattach.naver.net/64f178c8d881805c7293f4c1f314601bb9ef12f6b6/20150705_260_blogfile/.../4??°-nwc 2.5 ?????g.exe

http://www.sspaju.org/?module=file&act=procFileDownload&file_srl=6050&sid=8016c5399907e36cf16770d5398ce3ac

Scan 4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.