fastapingrebirth_x64.exe

FastaPing Rebirth

Dongwoo Shin

Publisher:
byCPP  (signed by Dongwoo Shin)

Product:
FastaPing Rebirth

Version:
0.0.0.0

MD5:
830e5b97419b6b3fb50621bd006f4148

SHA-1:
2e25df9493b8f3dba690fd461e2f52e2b04a335b

SHA-256:
299a0449a67e34073dedf47865f31683914435c7d3d6323dfba0558428239201

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:36:47 AM UTC  (today)

File size:
258.2 KB (264,440 bytes)

Product version:
0.0.0.0

Copyright:
Dongwoo Shin(http://www.byCPP.com)

Original file name:
FastaPingRebirth.exe

File type:
Executable application (Win64 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fastapingrebirth_x64.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
5/9/2015 8:41:38 AM

Valid to:
5/9/2017 1:52:05 PM

Subject:
E=shadow26@hanmail.net, CN=Dongwoo Shin, L=Daegu, S=Taegu-jikhalsi, C=KR

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
11850E4B32C032

File PE Metadata
Compilation timestamp:
5/25/2015 7:03:48 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:iJZ3VuvzPKaIU/8UEG/0X5ZWz0TLLzjQB6TEtZHNmLZGOfa4IJu67vIMkUS2ZPwC:IVmDQbDp44TLLzjd4tZUNGOfaJllS4R

Entry address:
0x18BD4

Entry point:
48, 83, EC, 28, E8, 43, 59, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 4C, 8B, D9, 0F, B6, D2, 49, 83, F8, 10, 0F, 82, 5C, 01, 00, 00, 0F, BA, 25, 14, 38, 02, 00, 01, 73, 0E, 57, 48, 8B, F9, 8B, C2, 49, 8B, C8, F3, AA, 5F, EB, 6D, 49, B9, 01, 01, 01, 01, 01, 01, 01, 01, 49, 0F, AF, D1, 0F, BA, 25, EE, 37, 02, 00, 02, 0F, 82, 9C, 00, 00, 00, 49, 83, F8, 40, 72, 1E, 48, F7, D9, 83, E1, 07, 74, 06, 4C, 2B...
 
[+]

Entropy:
5.9864

Code size:
154 KB (157,696 bytes)

The file fastapingrebirth_x64.exe has been seen being distributed by the following 5 URLs.

http://low.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../FastaPingRebirth_x64.exe

http://cfile3.uf.tistory.com/.../262DAA485564255D2BEE70

Scan fastapingrebirth_x64.exe - Powered by Reason Core Security