HMCU.exe

박치기의 마인크래프트 유틸 (Bakchigi's Minecraft Utility)

박치기(headings_)

Publisher:
박치기(headings_)

Product:
박치기의 마인크래프트 유틸 (Bakchigi's Minecraft Utility)

Version:
1.00

MD5:
063c535f618cf623bccff3c3e533f9e6

SHA-1:
cce3d49f47c218bffa0e791c141e3fcc535549e7

SHA-256:
5dc76b353129bc9d8ec96f9d5f432f3a71c51b5f0d4a81112bd3de880a988017

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 8:02:26 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.Gen | 7.11.152.32
IKARUS anti.virus | Trojan-Dropper | t3scan.1.6.1.0
Norman | Suspicious_Gen4.FXJNS | 11.20140603

File size:
1.2 MB (1,261,568 bytes)

Product version:
1.00

Original file name:
HMCU.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hmcu.exe

File PE Metadata

Compilation timestamp:
1/8/2014 5:44:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:byAgApSaGtq3STittkqRqcNEC+8i/C+ilLlClNagZ87no0tfwt14e1T1a8e7Ext3:Itq3RIqjN9iYtU4e1fpxtoqLpoZ3q7

Entry address:
0x2E38

Entry point:
68, 78, 13, 49, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 09, 00, F2, 99, 9E, 4E, 82, 4D, 94, E3, 61, 10, 1F, 8E, BB, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 27, 46, 61, 6C, 73, 65, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 69, 64, 74, 68, 20, 20, 20, 00, 20, 20, 20, 20, 20, 20, 20, B8, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 10, 00, 00, 00, 09, B4, 2A, 95, FC, 30, 73, 42, AE, 6D, 23, 35, 1B, 3A, 25, F2, 01, 00, 00, 00, 98, 00, 00, 00...
 

Entropy:
6.2653

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.1 MB (1,183,744 bytes)

The file HMCU.exe has been seen being distributed by the following 46 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-32-241-177.deploy.static.akamaitechnologies.com  (23.32.241.177:80)

TCP (HTTP):
Connects to a125-56.200-182.deploy.akamaitechnologies.com  (125.56.200.182:80)

TCP (HTTP):
