» HMCU.exe
Overview
Analysis
File Details
Downloads (46)
Network (3)

HMCU.exe

박치기의 마인크래프트 유틸

박치기(headings_)

File name:

HMCU.exe

Publisher:

박치기(headings_)

Product:

박치기의 마인크래프트 유틸

Version:

1.00

MD5:

063c535f618cf623bccff3c3e533f9e6

SHA-1:

cce3d49f47c218bffa0e791c141e3fcc535549e7

SHA-256:

5dc76b353129bc9d8ec96f9d5f432f3a71c51b5f0d4a81112bd3de880a988017

Scanner detections:

3 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/15/2024 12:40:11 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.152.32

IKARUS anti.virus

Trojan-Dropper

t3scan.1.6.1.0

Norman

Suspicious_Gen4.FXJNS

11.20140603

File size:

1.2 MB (1,261,568 bytes)

Product version:

1.00

Original file name:

HMCU.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\hmcu.exe

File PE Metadata

Compilation timestamp:

1/8/2014 5:44:16 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:byAgApSaGtq3STittkqRqcNEC+8i/C+ilLlClNagZ87no0tfwt14e1T1a8e7Ext3:Itq3RIqjN9iYtU4e1fpxtoqLpoZ3q7

Entry address:

0x2E38

Entry point:

68, 78, 13, 49, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 09, 00, F2, 99, 9E, 4E, 82, 4D, 94, E3, 61, 10, 1F, 8E, BB, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 27, 46, 61, 6C, 73, 65, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 69, 64, 74, 68, 20, 20, 20, 00, 20, 20, 20, 20, 20, 20, 20, B8, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 10, 00, 00, 00, 09, B4, 2A, 95, FC, 30, 73, 42, AE, 6D, 23, 35, 1B, 3A, 25, F2, 01, 00, 00, 00, 98, 00, 00, 00... 
[+]

Entropy:

6.2653

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

1.1 MB (1,183,744 bytes)

The file HMCU.exe has been seen being distributed by the following 46 URLs.

http://blogattach.naver.net/4fda53e3f6a3ab7759b5dcead537453c94c23fdcec/20150719_300_blogfile/.../HMCU.exe

http://blogattach.naver.net/c752db687b2123ffd13d506758bec1be1e4db954ec/20150905_108_blogfile/.../hmcu.exe

http://blogattach.naver.net/24b1388b9dc7c01c32deb387b85d2758fea856b264/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32deb180b854245ef7a55ab04d/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32deb586bf5c225cf9ae5bb573/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32deb280bc592359ffaa51b85d/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e689b18d6d116ec99e60840a/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b782b25c2e57ffab57b860/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b28eb8552058f6ad56b24b/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b381bc54235ff9a45bb14a/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b081b85e215ffdaf5ab25a/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32deb684b35d2359f7a452b24d/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d0b68eba582658fcaf52b45f/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1be8eb25e2458feac5bb971/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b183ba542259fcaa5bb54e/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e481b08e63186ac0936c82ef/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d3b087bd5e2156f8ad55b555/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e684b68a62186bc19c6187fa/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/2abf368592c9ce123cdfbd8fbc522e54f2a155bb79/20140103_36_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b28fb35f215bfda857b258/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e688b08b6a126bc19e6684ff/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e687b68f6c1969c0926181fa/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e684b08e6d1861cb9d6d860f/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b382bd5f2456fba45ab251/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e485b48d6b176bcd9d638f19/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e487b38b6b166ccd9d64800a/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e689b08d6b1460cc9b658704/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/13860fbca8f3f72b05e689b48e6b196acd9a648e1e/20140127_178_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b280b85a205cf9a953b747/20140426_242_blogfile/.../HMCU.exe

http://blogattach.naver.net/24b1388b9dc7c01c32d1b687bf592756f9af51b55b/20140426_242_blogfile/.../HMCU.exe

Latest 30 of 46 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-32-241-177.deploy.static.akamaitechnologies.com (23.32.241.177:80)

TCP (HTTP):

Connects to a125-56.200-182.deploy.akamaitechnologies.com (125.56.200.182:80)

TCP (HTTP):

Connects to a184-51-1-11.deploy.static.akamaitechnologies.com (184.51.1.11:80)

Scan HMCU.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.