KCPPayWizard.exe

TODO:

KCP Co.,Ltd.

Publisher:
TODO: <Company name>  (signed by KCP Co.,Ltd.)

Product:
TODO: <Product name>

Description:
KCPPayWizard

Version:
1.0.0.1

MD5:
a0021166225a31fbf28878c5df2f3318

SHA-1:
370af0ad939f3f76a7deeaaaedfaf59eb8283ee6

SHA-256:
796e7a1fe5f6f3a3b832ddcc129b46510c7177a2e6e9db355511cb4b7925ea9e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 10:36:34 AM UTC

File size:
2.5 MB (2,608,680 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
KCPPayWizard.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kcppaywizard.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/21/2015 9:00:00 AM

Valid to:
12/21/2018 8:59:59 AM

Subject:
CN="KCP Co.,Ltd.", O="KCP Co.,Ltd.", L=Guro-gu, S=Seoul, C=KR, SERIALNUMBER=113-85-21083, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KR

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C026E9112FC071A07ABD5C2A27997EF

File PE Metadata
Compilation timestamp:
7/21/2016 4:25:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:HAQs1VxsPTtTQMyALr2LEUFo+LrsYYFlobwxVUalUrN8i9ezlz5rfozfV6Tjt:H61VxsPTtTQMVr27FoOrsYSlobwxMNBc

Entry address:
0x109ABC

Entry point:
E8, FF, 9E, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 68, 30, 9B, 50, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 8A, 57, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C...
 

Entropy:
6.0990

Code size:
1.2 MB (1,232,384 bytes)

The file KCPPayWizard.exe has been seen distributed from the following URL:

https://pay.kcp.co.kr/plugin_new/.../KCPPayWizard.exe
