glyphinstall.exe

Trion Worlds Inc.

This is a setup and installation application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Trion Worlds Inc.  (signed and verified)

MD5:
2b6b96fad40125b048ccea91977804eb

SHA-1:
4128cbb89fc765490658889f35dabb262759e345

SHA-256:
13e7ce0910bd1e0874e4a96f17621e3978f0204e3a1d8f25efbe6e04f41ab1cf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:48:29 AM UTC  (today)

File size:
31.1 MB (32,593,272 bytes)

File type:
Executable application (Win32 EXE)

Language:
Greek (Greece)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\glyphinstall.exe

Digital Signature
Authority:
Entrust, Inc.

Valid from:
7/9/2015 11:41:26 PM

Valid to:
7/10/2016 1:17:13 PM

Subject:
CN=Trion Worlds Inc., O=Trion Worlds Inc., L=Redwood City, S=California, C=US

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C17AFA1

File PE Metadata
Compilation timestamp:
7/13/2015 10:44:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:5GCjGUUWnZFeOrPoMuG43/xbpzcj+6HLhtlzoQXzfWCvK41VaeOK0g/1V/W9p48D:5HLnHrjuPA5HVQQXDvvtaDNy/YKXa

Entry address:
0x13CA0A

Entry point:
E8, 28, 25, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 8D, 4D, E8, 53, FF, 75, 0C, E8, 9A, B6, FF, FF, 8B, 5D, 08, 81, FB, 00, 01, 00, 00, 73, 60, 8B, 4D, E8, 83, 79, 74, 01, 7E, 14, 8D, 45, E8, 50, 6A, 02, 53, E8, 4E, F1, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, 90, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 02, 85, C0, 74, 1E, 80, 7D, F4, 00, 8B, 81, 98, 00, 00, 00, 0F, B6, 0C, 18, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C1, E9, D6, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 4D, F0, 83, 61, 70, FD...
 
[+]

Entropy:
7.9814  (probably packed)

Code size:
1.5 MB (1,536,512 bytes)

The file glyphinstall.exe has been seen being distributed by the following 18 URLs.

https://dw.uptodown.com/dwn/zlmnWrnlY14u97WnRvdu-6uFUxwN36Uzee140KKXFQHgXZ0J3mN7G0B6Qp7fEn_OS-4BjZ6abKbo4exGMO_S9KT4v4BCrYFxDIzF7L4_eJGY1UVQQ6T9CguOL4Wzh_gL/Nl0EAGKL3Ogix1DU7PhyznlsMHbEgJrUNa5QJFjT2k5sZx35dKBiQeG1fxfMQ72-xyQNX-o0hKKGy4mhjHwb8s5ocPbB_QKWUZNE2i5OSZr6_zyj0y3ivebOljHU1--_/XFlELA9EObyTzCTor1N3ETVkEi8xOzcTA98MKf8f6qsV6OLQFo0Obv3M9f9w8xGHyHB4pCt3BMWJEE5YvAmZt7rYuCJZ5PrzGHGeDklEbWMFtrZ750CHxleLmtIneIEF/.../

http://dw.uptodown.com/dwn/RHd0t2nmeDLVdf5Z75wLrBHFHlFrE3aGqMWNFzuQ0du2mxSiaHAgfbDHYIjgV3ir404iTsuQ-gSY3-WQuE-iU-y-FZRyo-LMsGQFngncuy0zqYSPZenFRAVV9wklenpz/kjLzpMHJ5gBS_awbkNRMDMjyqt5bYKAkCyNasxXRMwBRDkZxM1PbBkxQcJVyF7KEmqbar3HjJ73yIYSVy30HR9AepU_mUnwUBx90othbu1260uL_q5XbLHrnbpY5uACq/wE_ebxQPN5tc3tocy1TcdrAXrGga3WqBAvzbDIlFl6llm3Yn0cwWmyikRls1Loegpc8dPPtBN0IBAo-qI9hOOLUtuV5fWLj2GmlmrAkMqxsHAAjRhzyCgcouRC5hB9Cq/.../

https://dw.uptodown.com/dwn/5yCnYPI5wSjG05qny6Q63nsykl7NLR16W6T3vjr-NPiLg5mGbEJEAlabaZ58DEXfkm9UekN7DWHTiLpjpsJaxeNKSrIYPkGSRCRI2ovp2fi6TjyeB2Yxdla3jXbe_b0W/own88H2F0LE6BZfIm3qfTwcvZLafaUU9QF3puP8pWkPedf0hTcqL991ltdtXg6NdYgqgv5VqnOkEQZvirEIv8_FVN2i6wqKCIXIXYdIZqGEA7GxBcmj6rMsHXvIbZ3D1/Go-UDLot8THdl-V1NlDSmfIFP1yfnKEGUyKvY3Nw9nLGAbmd-zBBZs_x15ArPbM_5RZa8bfpiYqgIHXs28jJNBOovSZ1_9-u-bxPt6oxpCezgpQE0JirOtRuhT1kS7w7/.../

https://dw.uptodown.com/dwn/JatZZAim_5qmCU3U5tTw-POlVkkCd-FxwC8fSLp9Enh6jOP8SZ9k4wWLc5msE8UzLgtfrTcm8n6dHR9Ov3mZWlLV843k8Fzs00K3Fx10iYqJ1fSW7uYWlsbXHc_N9yGa/kMunzF23vOL0Xr4voM1PQ2uOWKjPcbQDU7M-fAsEG8uWAUILMfoxSzeAB1ipNWNcdqehG3lQcmpAIU_w1RMHynmh3k8BR0wGTuQRpweVPkPXV2bfwPsZOMu3MtdZDcCa/z3Shf0dvQt2JPbjIWnVymPJHANik-V2eDKGGU28GsmvADo0Dpr8Hjx6r3lq2KFRGfFFIQ5CfpUPv0J0vag1GESOgYRyPxuHLJmfRFOp29zyCZReYe2uWV8i-0lelX-4s/.../

https://trovelive.trionworlds.com/account/.../record-first-client-download!execute.action?struts.token.name=token&token=BA3YHRQTWRIZ3A34EM6T1OJT1WFKPQZ0

Scan glyphinstall.exe - Powered by Reason Core Security