home

C9.exe

Continent of The Ninth

Webzen

This is a setup program which is used to install the application. The file has been seen being downloaded from patch.c9.in.th.
Publisher:
Webzen

Product:
Continent of The Ninth

Version:
2, 0, 0, 0

MD5:
a92469661463b583e1893468f9aeb6c1

SHA-1:
3023a721621a1e8e8571d2f89b27b46f695b3437

SHA-256:
7f0df81b5a8dce1f73887f27b765f45b0f9bbfc947dcad73d971829c628b40fb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:19:32 PM UTC  (today)

File size:
12 MB (12,564,480 bytes)

Product version:
2, 0, 0, 0

Copyright:
Copyright (C) Webzen 2008

Original file name:
C9.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\c9.exe

File PE Metadata
Compilation timestamp:
6/23/2016 2:00:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:+D4ypnAzIRTig5GplpMnyw4XLXPliRghMqpNtc/BByL0nEakT81B2Sc:y3pnjpijMsLXURghMqpNtc/jylp81M

Entry address:
0x64721F

Entry point:
E9, 04, FD, A7, FF, 79, C6, 67, 1A, 0A, CC, 56, BF, 14, C0, D6, 31, FA, 43, 24, 98, F4, 28, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 88, F7, E9, B7, B9, EF, 91, 4C, A3, E9, 32, 10, 4B, 2C, 52, A1, 4F, CD, ED, EA, A3, 3A, 6F, 2E, 08, 1E, C6, 91, E6, FA, FC, E1, C9, E2, 37, CF, 1F, 33, E9, D4, 17, E9, 4D, 7F, 9A, 3A, 4A, 03, 65, 0C, 42, 1E, D1, 43, 8C, E5, B1, 61, 7D, A0, FB, 1B, 8F, BC, D3, AA, E7, C4, B0, 16, 82, F1, A2, 7C, 62, 2B, 38, 54, 85, 77, 52, DB, D9, DE, 6C, 53, E1, D8, 8B, E7, 57, D2, 95, 40, A8...
 
[+]

Entropy:
7.8957

Packer / compiler:
Xtreme-Protector v1.05

Code size:
18.1 MB (18,949,632 bytes)

The file C9.exe has been seen being distributed by the following URL.

http://patch.c9.in.th/.../C9.exe

Scan C9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.