Launcher.EXE

Knight Empire

The executable Launcher.EXE has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address ip-184-168-221-39.ip.secureserver.net on port 80 using the HTTP protocol.
Product:
Knight Empire

Description:
ARDREAMWORLD

Version:
1, 0, 0, 1

MD5:
0fe56bba0d4bfbcc239dde55f9f874f0

SHA-1:
c4d565a035874b60e1d33ce42c5aeb5cdae3b066

SHA-256:
c1d2452df1fdf962ec13057202481ca3a183c265efbba81431ab60998cbe5e49

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 11:16:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.6.18.23

File size:
2.4 MB (2,502,656 bytes)

Product version:
1,5,0,5

Copyright:
ARDREAMWORLD (C) 2009

Original file name:
Launcher.EXE

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\knightonline\launcher.exe

File PE Metadata
Compilation timestamp:
10/21/2008 10:07:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:j61tBhOfS80PnSlHOz1BB7L02BC6zb84fzL2Om0CNZtohrvS0Qe9tPjtfskzcEeK:e3ZX1TEwC6/fFcZto9vSu9tjZskzc3M

Entry address:
0x1F474

Entry point:
55, 8B, EC, 6A, FF, 68, 70, 44, 44, 00, 68, A8, 41, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 10, 02, 44, 00, 33, D2, 8A, D4, 89, 15, E0, 69, 45, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 69, 45, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 69, 45, 00, C1, E8, 10, A3, D4, 69, 45, 00, 6A, 01, E8, BE, 39, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 58, 2C, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
252 KB (258,048 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-39.ip.secureserver.net  (184.168.221.39:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.112.224:80)

TCP (FTP):
Connects to WIN-6DGL5RI77S5  (109.230.196.102:21)

TCP:
Connects to vmi100558.contabo.host  (173.212.216.26:15100)

TCP (HTTP):
Connects to p3pwcmpweb-v01.secureserver.net  (184.168.131.213:80)

TCP (FTP):
Connects to LOST-KO  (185.103.198.215:21)

TCP:
Connects to host-37-247-102-248.routergate.com  (37.247.102.248:15100)
