kalmuri

칼무리

WooJung ITS Co., Ltd.

Publisher:
길호넷  (signed by WooJung ITS Co., Ltd.)

Product:
칼무리

Version:
2.0.3.2

MD5:
581be830b857912cfe98f0e505cd649f

SHA-1:
24ba79e61d1ae44f772c1ccac52217a33f38a631

SHA-256:
0e59804741ecd92b948a309386c49e0ed9728d66d1b3fa632149885626e22770

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 10:58:07 AM UTC  (today)

File size:
516.8 KB (529,176 bytes)

Product version:
2

Original file name:
칼무리

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kalmuri

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/29/2014 7:00:00 PM

Valid to:
1/29/2016 5:59:59 PM

Subject:
CN="WooJung ITS Co., Ltd.", OU=IT Team, O="WooJung ITS Co., Ltd.", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2CB25D923AA454DB5D948A31811AEDB7

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:tTruNyQmTrSiuHH6r6mxbPNjrQPU7z4VKwjsgHe0+ZEBbD8XWk:gAHTrSTqRlX7EVKOs/0xsXp

Entry address:
0x157200

Entry point:
60, BE, 00, B0, 4D, 00, 8D, BE, 00, 60, F2, FF, C7, 87, 9C, 00, 0F, 00, E7, 77, 33, 81, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.9159

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
500 KB (512,000 bytes)

The file kalmuri has been seen being distributed by the following 4 URLs.

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100183|all|GWV_006936&key=5a6edaeef59bf57374a656fd84f120aa8ffc814c848601da9052e727d585e3b7543294a321b10e1729534081f1d57b3d20cb9b731eb6615efbe7a853d6854c364d5160ae1c02056eb79ed5778a21dc3a651f3dc0a41f3186295af465668cd059b0383f9995bfec9044e320c13fb893dd0e17a488c7fefb617c0ea8d60e6e99f94408a3fb00d795688768cc2439a644ab01c97a5516f1cd95635011b87a87476d1f04513114ea6b2922ff333b4e5f184ef8aa7eef878c2dff4dcbd20ff3c5d84a332ad62c95d913726273bbe7510be2bf591df1e6eb86349544b344ebb6a931428381665a17fa4f090ba2fb593c503d3d8bfee33ff5165d2103f222646ea7eb4d

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100183|all|GWV_006936&key=5a6edaeef59bf57374a656fd84f120aa8ffc814c848601da9052e727d585e3b7543294a321b10e1729534081f1d57b3d20cb9b731eb6615efbe7a853d6854c364d5160ae1c02056eb79ed5778a21dc3a651f3dc0a41f3186295af465668cd059b0383f9995bfec9044e320c13fb893dd3a2ee5dd4c95fe08362d48a7f667606ab9d4c9fed3d33d497a1a0aa7017970e3789db664299b2315541b563bd78a3a6d7d986a6dceeee1747001a0e0decff8a6e12e85c3951e3ce774cc70ecc22ec654da5e53cce83767e86ff73c130eec19cee045a345eb23bfe33ee4a31456c9fc08986c8590ad8f8e592cdb90a7bf2e8e9acd8a063d8ddd8364a0f6c72a63ff29a6

Scan kalmuri - Powered by Reason Core Security