autoupgrade.exe

Wemade Entertainment co.,Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from patch.gemscool.com.

Publisher:
IO Entertainment Co., Ltd.  (signed by Wemade Entertainment co.,Ltd)

Description:
Lost Saga

Version:
33786

MD5:
b31c4676ff41f7548974fb195a06e033

SHA-1:
5ebad6c57984349f6233bc8b7d3b54858a06a1b5

SHA-256:
84732327321bbf73f1f49645e531e4b76d1025772ec0d916d7b5e25f1a31c3cd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 11:36:41 PM UTC

File size:
2.9 MB (3,073,656 bytes)

Product version:
0,0,0,1

Copyright:
IO Entertainment Co., Ltd.

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/2/2014 7:00:00 AM

Valid to:
1/10/2016 6:59:59 AM

Subject:
CN="Wemade Entertainment co.,Ltd", OU=IT Team, O="Wemade Entertainment co.,Ltd", L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
476BF24A4B1E9F4BC2A61B152115E1FE

File PE Metadata
Compilation timestamp:
7/15/2015 10:32:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:ZSPnI0M8QX69CSOKkR3KBKmEw9oA//Sm1NQCerWcYNN6PrR+qd3lOBfHwYONeEUA:ZSPY69CSOKa3XwR9NQCer8NN6TQq2mey

Entry address:
0x16D9D3

Entry point:
52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 40, B0, FD, 00, 5A, 4A, EB, DF, 5A, E9, 00, A6, BF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 02, 00, 0A, 00, 20, 1D, 00, 80, 70, 00, 00, 80, 28, 1D, 00, 80, B8, 00, 00, 80, 01, 00, 00, 00, D0, 00, 00, 80, 02, 00, 00, 00, 60, 01, 00, 80, 03, 00, 00, 00, F8, 03, 00, 80, 05, 00, 00, 00, 10, 04, 00, 80, 06, 00, 00, 00, 68, 04, 00, 80, 0C, 00, 00, 00, E0, 04, 00, 80, 0E, 00, 00...

Entropy:
7.9825  (probably packed)

Code size:
2.5 MB (2,630,656 bytes)

5 Windows Firewall Allowed Programs
Name:
D:\Game\Lost Saga\autoupgrade.exe

Name:
D:\Games\Lost Saga\autoupgrade.exe

Name:
D:\ONLINE\LostSaga\autoupgrade.exe

Name:
C:\Program Files\gem losaga\LostSaga\autoupgrade.exe

Name:
C:\Gemscool\LostSaga\autoupgrade.exe


The file autoupgrade.exe has been seen being distributed by the following URL.
