home

C9.exe

Continent of The Ninth

Webzen

This is a setup program which is used to install the application. The file has been seen being downloaded from patch.c9.in.th.
Publisher:
Webzen

Product:
Continent of The Ninth

Version:
2, 0, 0, 0

MD5:
a4c34b265fe6bd868176ce2d4dc0ebe5

SHA-1:
3899c9354a8bb3d4aae7924cfb33672d61631293

SHA-256:
64fd4c80114bb6cc7a02b403032c02148bef140efe4baf5cb5f343c913d0a51a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:30:20 PM UTC  (today)

File size:
12 MB (12,570,112 bytes)

Product version:
2, 0, 0, 0

Copyright:
Copyright (C) Webzen 2008

Original file name:
C9.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\c9.exe

File PE Metadata
Compilation timestamp:
5/31/2016 10:40:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:cEgK+KNqB3WEZ0AutAsb5StulKVolTokzed1bgY3T8qFTwN/QM:cEgKf6utv5ZllThedxX3Xs/QM

Entry address:
0x6467EF

Entry point:
E9, 64, 00, A8, FF, 3C, 84, 7D, 8B, 24, CC, 42, 1D, 3A, 8A, DA, 6F, 0B, AB, 03, 42, 53, 82, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 15, 45, 1B, D8, 4A, C6, C3, B3, 08, 7A, C5, 09, 67, 2A, 00, 2D, B7, 13, 39, D7, 7E, 6F, AF, BE, 7E, 79, AE, 05, 6D, 49, 19, 93, 92, CA, 6F, B6, 2D, 1A, 44, CF, 43, A7, 89, 63, 94, F9, 8F, F0, 47, 64, DA, D1, ED, 22, EC, 97, C8, A6, DE, D3, BF, 37, 39, 03, 90, 59, BE, 51, 55, 23, 4C, 7A, F7, 5E, 62, 75, B6, B0, 26, 3C, 09, 9A, A3, 55, 94, 8B, BD, 08, AF, D5, 30, 64, E3, 95, EC...
 
[+]

Entropy:
7.8956

Packer / compiler:
Xtreme-Protector v1.05

Code size:
18.1 MB (18,953,728 bytes)

The file C9.exe has been seen being distributed by the following URL.

http://patch.c9.in.th/.../C9.exe

Scan C9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.