home

#kaguya.pl.wh.exe

Metin2Client

Ymir Entertainment

This is a setup program which is used to install the application. The file has been seen being downloaded from www37.zippyshare.com and multiple other hosts.
Publisher:
Ymir Entertainment

Product:
Metin2Client

Version:
1.0.28249.1

MD5:
3f9018d90fd12b3a0564eb4ca7236f64

SHA-1:
273c953e05cf0872c19cce2a5b9514ce3dd90fb3

SHA-256:
d99486d106e4b7ee2592c53f0b490763dcb57a104f13b4856cfc71510b05c77c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 2:18:35 AM UTC  (today)

File size:
1.9 MB (2,003,834 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2011

Original file name:
Metin2Client.exe

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\downloads\#kaguya.pl.wh.exe

File PE Metadata
Compilation timestamp:
7/13/2016 2:19:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Jh5IY3vagbRXLkbrje6SGz8TwHeYg/VALKJmhQ6qN:JhZ9bObr8GQigtALKJmhQ/

Entry address:
0x388B33

Entry point:
E8, 00, 00, 00, 00, 60, E8, 4F, 00, 00, 00, AE, 10, 78, A2, BA, E6, 10, 77, 71, E2, FC, DC, 45, 5B, CA, E2, E9, B6, EC, E1, A6, 10, B0, CE, 6B, 23, D8, E5, 67, 4A, 66, 7F, FE, E8, B8, 7B, 20, C3, 14, 0E, C6, AD, E1, B6, 10, B9, DD, 0A, BB, 4F, 1F, D2, CE, A8, 06, 74, BB, 4F, 1F, D2, CE, A8, 06, 74, E9, 1A, 6D, 00, 00, E9, 2E, 6D, 00, 00, E9, 29, 6D, 00, 00, E8, 6E, FB, FF, FF, 6E, 00, 01, 00, 06, 99, 00, 00, 35, D3, E6, 63, 13, 02, D1, 76, 2B, 91, 74, B6, E2, 98, 91, 8F, 4B, 2B, D0, 5D, C6, E2, 69, 85, A9...
 
[+]

Packer / compiler:
MoleBox v2.0

The file #kaguya.pl.wh.exe has been seen being distributed by the following 2 URLs.

http://www37.zippyshare.com/d/iMA5JL0y/.../#Kaguya.pl.WH.exe

http://www37.zippyshare.com/d/iMA5JL0y/.../#Kaguya.pl.WH.exe

Scan #kaguya.pl.wh.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.