home

kanhq.exe

KanHQ

Haxe

Publisher:
Haxe

Product:
KanHQ

Description:
艦これ 司令部室

Version:
0.7.0.1

MD5:
341d84cc13bb9b2332995eb94f5559c7

SHA-1:
228d4548702dc32c90248bec7ae82c781f5c5428

SHA-256:
04bb3c86e3b00a1b5ddf83a72bb1de6f36585acc1619f9b7a2bd43c161171708

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 8:47:17 PM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
Suspicious_GEN.F47V0618
7.2.195

File size:
523.5 KB (536,064 bytes)

Product version:
0.7.0.1

Copyright:
Copyright © 2013,2014 はぇ~

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/15/2014 8:20:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:tOXtZkecarXY/wEgc8SqyEP/au+cusrkw9KxlQw92ZCiDJd2Xbqq1Dd9:QdGe1rXUekoR+3smm1d2LpD

Entry address:
0x6CB8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, AE, D8, 9C, 53, 00, 00, 00, 00, 02, 00, 00, 00, 4F, 00, 00, 00, B0, CB, 06, 00, B0, AD, 06, 00, 52, 53, 44, 53, D8, BA, 05, 39, 69, D5, 46, 47, 92, 13, 4F, 44, 6E, EB, 54, 23, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 68, 61, 78, 65, 5C, 53, 6F, 75, 72, 63, 65, 5C, 52, 65, 70, 6F, 73, 5C, 4B, 61, 6E, 48, 51, 5C, 6F, 62, 6A, 5C, 52, 65, 6C, 65, 61, 73, 65, 5C, 4B, 61, 6E, 48, 51, 2E, 70, 64, 62, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5215

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
427.5 KB (437,760 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tf-in-f154.1e100.net  (173.194.72.154:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.10.145:80)

TCP (HTTP):
Connects to rbeacon04.ane.vip.kks.yahoo.co.jp  (114.111.91.165:80)

TCP (HTTP):
Connects to nrt13s01-in-f31.1e100.net  (173.194.38.223:80)

TCP (HTTP):
Connects to nrt13s01-in-f30.1e100.net  (173.194.38.222:80)

TCP (HTTP):
Connects to nrt13s01-in-f13.1e100.net  (173.194.38.205:80)

TCP (HTTP):
Connects to nrt04s10-in-f16.1e100.net  (173.194.117.176:80)

TCP (HTTP):
Connects to ec2-54-64-178-213.ap-northeast-1.compute.amazonaws.com  (54.64.178.213:80)

TCP (HTTP):
Connects to ec2-54-199-227-82.ap-northeast-1.compute.amazonaws.com  (54.199.227.82:80)

TCP (HTTP):
Connects to a23-66-97-171.deploy.static.akamaitechnologies.com  (23.66.97.171:80)

TCP (HTTP):
Connects to a210-149-135-38.deploy.akamaitechnologies.com  (210.149.135.38:80)

TCP (HTTP):
Connects to 184.172.133.85-static.reverse.softlayer.com  (184.172.133.85:80)

Scan kanhq.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.