» KCPPayWizard.exe
Overview
Analysis
File Details
Downloads (1)

KCPPayWizard.exe

TODO:

KCP Co.,Ltd.

File name:

KCPPayWizard.exe

Publisher:

TODO: <Company name> (signed by KCP Co.,Ltd.)

Product:

TODO: <Product name>

Description:

KCPPayWizard

Version:

1.0.0.1

MD5:

a0021166225a31fbf28878c5df2f3318

SHA-1:

370af0ad939f3f76a7deeaaaedfaf59eb8283ee6

SHA-256:

796e7a1fe5f6f3a3b832ddcc129b46510c7177a2e6e9db355511cb4b7925ea9e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 9:42:41 AM UTC (today)

File size:

2.5 MB (2,608,680 bytes)

Product version:

1.0.0.1

Original file name:

KCPPayWizard.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kcppaywizard.exe

Digital Signature

Signed by:

KCP Co.,Ltd.

Authority:

Symantec Corporation

Valid from:

12/21/2015 9:00:00 AM

Valid to:

12/21/2018 8:59:59 AM

Subject:

CN="KCP Co.,Ltd.", O="KCP Co.,Ltd.", L=Guro-gu, S=Seoul, C=KR, SERIALNUMBER=113-85-21083, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KR

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3C026E9112FC071A07ABD5C2A27997EF

File PE Metadata

Compilation timestamp:

7/21/2016 4:25:45 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:HAQs1VxsPTtTQMyALr2LEUFo+LrsYYFlobwxVUalUrN8i9ezlz5rfozfV6Tjt:H61VxsPTtTQMVr27FoOrsYSlobwxMNBc

Entry address:

0x109ABC

Entry point:

E8, FF, 9E, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 68, 30, 9B, 50, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 8A, 57, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C... 
[+]

Entropy:

6.0990

Code size:

1.2 MB (1,232,384 bytes)

The file KCPPayWizard.exe has been seen being distributed by the following URL.

https://pay.kcp.co.kr/plugin_new/.../KCPPayWizard.exe

Scan KCPPayWizard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.