crossfire_131204_2.exe

KCS-Downloader

Smilegate Megaport Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from dl.crossfire.co.kr.
Publisher:
Kamuse, Incorporated  (signed by Smilegate Megaport Inc.)

Product:
KCS-Downloader

Version:
2.5.1

MD5:
a3081b9add0d06dbacc11fa7e420bab8

SHA-1:
4f94064fa5e4781c138b8cb412abcda47a084380

SHA-256:
fcea8ebd014dc7835bcf81b0a0d5c6bd3040e915be4468510fb471af3c5c1c05

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 12:04:33 AM UTC  (today)

File size:
1.3 MB (1,411,968 bytes)

Product version:
2.5.1

Copyright:
ⓒ 2001-2012 Kamuse Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\crossfire_131204_2.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/16/2016 1:00:00 AM

Valid to:
12/2/2016 12:59:59 AM

Subject:
CN=Smilegate Megaport Inc., OU=IT Team, O=Smilegate Megaport Inc., L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7DB893D1483417AE59C4151D3AB33780

File PE Metadata
Compilation timestamp:
12/12/2013 3:45:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:S7rhUBzpjt0U4WTzr91lZaBQ7tr9/1EsuXzzyeLt6W:mDWfr9UBQ7tksufya6W

Entry address:
0x55BAA

Entry point:
E8, BD, 97, 00, 00, E9, 16, FE, FF, FF, 83, 3D, 48, 4D, 47, 00, 00, 74, 15, 68, 48, 4D, 47, 00, E8, B9, 98, 00, 00, 85, C0, 59, 74, 06, FF, 15, 48, 4D, 47, 00, E8, 95, 71, 00, 00, 85, C0, 74, 07, 50, E8, 3B, 73, 00, 00, 59, FF, 74, 24, 04, FF, 15, 54, 11, 47, 00, CC, 6A, 0C, 68, 70, 2B, 48, 00, E8, 17, 1B, 00, 00, E8, E5, 71, 00, 00, 83, 65, FC, 00, FF, 70, 58, FF, 50, 54, 50, E8, A6, FF, FF, FF, 8B, 45, EC, 8B, 08, 8B, 09, 89, 4D, E4, 50, 51, E8, A9, 8E, 00, 00, 59, 59, C3, 8B, 65, E8, FF, 75, E4, E8, F9...
 
[+]

Code size:
448 KB (458,752 bytes)

The file crossfire_131204_2.exe has been seen being distributed by the following URL.

http://dl.crossfire.co.kr/.../crossfire_131204_2.exe

Scan crossfire_131204_2.exe - Powered by Reason Core Security