49452.exe

스마트팁(SmartTip)

Maroin Co., Ltd

The application 49452.exe by Maroin Co. has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from sub.smarttip.co.kr.
Publisher:
http://smarttip.co.kr  (signed by Maroin Co., Ltd)

Product:
스마트팁(SmartTip)

Version:
1.0.0.1

MD5:
e0aa4e76b950197032eecdf363aa2975

SHA-1:
ec711bf7126e32506b835bfb99d01bdce0f950bf

SHA-256:
004bd0a9f6176e0f28ccab1e4126f7b3dadc75df90a52affaa7ff48bf6eb40c2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/16/2024 2:41:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.29.22

File size:
415.3 KB (425,296 bytes)

Product version:
1.0.0.1

Copyright:
스마트팁(SmartTip)

Trademarks:
스마트팁(SmartTip)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\49452.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/14/2013 9:00:00 AM

Valid to:
1/15/2014 8:59:59 AM

Subject:
CN="Maroin Co., Ltd", OU=Dev Team, O="Maroin Co., Ltd", L=Haeundae-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
45D35AE0597265A616314A55E3EBE91B

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9331

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 49452.exe has been seen being distributed by the following URL.

http://sub.smarttip.co.kr/opapp/.../STUpdate.exe

Remove 49452.exe - Powered by Reason Core Security