» luz-de-oscuridad.exe
Overview
Analysis
File Details
Downloads (570)

luz-de-oscuridad.exe

Fancy3D Launcher

Beijing FancyGuo Tech Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from admin-hges.gamesow.com and multiple other hosts.

File name:

Publisher:

Hongfeng Hengyu (Beijing) Tech Ltd. (signed by Beijing FancyGuo Tech Ltd)

Product:

Fancy3D Launcher

Version:

0,15,0323,1430

MD5:

563c13d0981bee1372cad7488c49bd29

SHA-1:

ba8d36d8155c30f9c2293c14f1b92a6a20c777ec

SHA-256:

ec4873c9aecb99217ef92c5f35a1bb49c06e49f85ea0bc94113029fd1e3e82a2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 7:39:32 PM UTC (today)

File size:

2.1 MB (2,166,512 bytes)

Product version:

0,15,0323,1430

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\luz-de-oscuridad.exe

Digital Signature

Signed by:

Beijing FancyGuo Tech Ltd

Authority:

VeriSign, Inc.

Valid from:

6/11/2015 8:00:00 PM

Valid to:

7/14/2017 7:59:59 PM

Subject:

CN=Beijing FancyGuo Tech Ltd, OU=IT Support, O=Beijing FancyGuo Tech Ltd, L=BeiJing, S=BeiJing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6D09E707C0C807139E9F7382746AF7CF

File PE Metadata

Compilation timestamp:

3/23/2015 2:31:01 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:LTSMIVpRMry8KwhJCgn6YyqSpWm3tpkUaFV+Vy:XzIVpSrvnCgFVoWwuV+I

Entry address:

0x2CFF50

Entry point:

60, BE, 00, 40, 4D, 00, 8D, BE, 00, D0, F2, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 28, D5, 2C, 00, 57, 83, C3, 04, 53, 68, 47, BF, 1F, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

2 MB (2,084,864 bytes)

The file luz-de-oscuridad.exe has been seen being distributed by the following 50 URLs.

https://.../dl?t=dl&s=http://.../20.html?gw=1&op=gamesow2&uf=0&uid=751017&sid=20&time=1447861357&sign=5ec3e4b4976505969b88795265f80c0b&instclient=1

https://.../dl?t=dl&s=http://.../26.html?gw=1&op=gamesow2&uf=0&uid=1215678&sid=26&time=1451671355&sign=76243f75ee792f665ce6322be845ff87&instclient=1

https://.../dl?t=dl&s=http://.../6.html?gw=1&op=gamesow2&uf=0&uid=794183&sid=6&time=1442522077&sign=bea6fe42fce144bc69a1ce5e7d8fe7e0&instclient=1

http://.../dl?t=dl&s=http://.../21.html?gw=1&op=gamesow2&uf=0&uid=1110529&sid=21&time=1449020628&sign=598fc759f485bf1268cf49794b556ff8

https://.../dl?t=dl&s=http://.../38.html?gw=1&op=gamesow2&uf=0&uid=1499090&sid=38&time=1461534001&sign=41b99a9655d859c83a63e5f5b9ec7dc9&instclient=1

https://.../dl?t=dl&s=http://.../21.html?gw=1&op=gamesow2&uf=0&uid=1108180&sid=21&time=1448908142&sign=8a8d567e33c259c0eba42a973ce40679&instclient=1

https://.../dl?t=dl&s=http://.../29.html?gw=1&op=gamesow2&uf=0&uid=1282226&sid=29&time=1453355843&sign=7c2fa7c957a2ac09c254aaee408294ff&instclient=1

https://.../dl?t=dl&s=http://.../35.html?gw=1&op=gamesow2&uf=0&uid=1409078&sid=35&time=1457997503&sign=88a2f02ec4d9e9c409ceaba49e031cdb&instclient=1

http://.../dl?t=dl&s=http://.../10.html?gw=1&op=gamesow2&uf=0&uid=892415&sid=10&time=1444226946&sign=36313792049ccfeaf91b27f2274c4997

https://.../dl?t=dl&s=http://.../7.html?gw=1&op=gamesow2&uf=0&uid=809724&sid=7&time=1442706658&sign=e4a9629aa1ad24a43bb8585bd201c7a3&instclient=1

https://.../dl?t=dl&s=http://.../35.html?gw=1&op=gamesow2&uf=0&uid=1409069&sid=35&time=1457997391&sign=fa1e246be5808f117511125f1a1ee399&instclient=1

https://.../dl?t=dl&s=http://.../22.html?gw=1&op=gamesow2&uf=0&uid=1114396&sid=22&time=1449147813&sign=0753b0f88f34b938963c16aa3c59ed08&instclient=1

https://.../dl?t=dl&s=https://.../42.html?gw=1&op=gamesow2&uf=0&uid=1680440&sid=42&time=1472052315&sign=69f63bfa74a151464e848352fda0853c&instclient=1

https://.../dl?t=dl&s=http://.../29.html?gw=1&op=gamesow2&uf=0&uid=1288059&sid=29&time=1453499513&sign=f0b0bfcf50f08f9c7f99c6d635b64c41&instclient=1

https://.../dl?t=dl&s=http://.../13.html?gw=1&op=gamesow2&uf=0&uid=962321&sid=13&time=1445450924&sign=a6041c16369d33e773a80d4516fe1b8a&instclient=1

https://.../dl?t=dl&s=http://.../13.html?gw=1&op=gamesow2&uf=0&uid=963557&sid=13&time=1445463748&sign=f53904c39a64610c273b4e43e80f45cc&instclient=1

https://.../dl?t=dl&s=http://.../36.html?gw=1&op=gamesow2&uf=0&uid=1422916&sid=36&time=1458920434&sign=c8a887ad01beef91ea9c49d154a96962&instclient=1

https://.../dl?t=dl&s=http://.../29.html?gw=1&op=gamesow2&uf=0&uid=1281876&sid=29&time=1453346219&sign=0ff584abed41a2e8ee13bc818e5c1269&instclient=1

https://.../dl?t=dl&s=http://.../38.html?gw=1&op=gamesow2&uf=0&uid=1493277&sid=38&time=1461359240&sign=10a986e6140339e4d6a046b70d9ef8d7&instclient=1

https://.../dl?t=dl&s=http://.../33.html?gw=1&op=gamesow2&uf=0&uid=1357191&sid=33&time=1455719646&sign=36b9135272c32a20812e08a844c5062f&instclient=1

http://.../dl?t=dl&s=http://.../30.html?gw=1&op=gamesow2&uf=0&uid=1319180&sid=30&time=1454352976&sign=df9bbfc6f2dc6265695cb2eaf574a22d

https://.../dl?t=dl&s=http://.../35.html?gw=1&op=gamesow2&uf=0&uid=1408298&sid=35&time=1457985620&sign=57b7375ed57c29c30fc9a3e3364bdd7c&instclient=1

http://.../dl?t=dl&s=http://.../16.html?gw=1&op=gamesow2&uf=0&uid=1014532&sid=16&time=1446338265&sign=800cc5b9f7af00d228e4f46aa79d683e

http://.../dl?t=dl&s=http://.../1.html?gw=1&op=gamesow2&uf=0&uid=648338&sid=1&time=1440174336&sign=9a03f23c97f759f04c938941afe0dd1f&instclient=1

https://.../dl?t=dl&s=http://.../15.html?gw=1&op=gamesow2&uf=0&uid=984781&sid=15&time=1445906289&sign=ffcc63d52e739ac5d53f757149f17465&instclient=1

https://.../dl?t=dl&s=http://.../20.html?gw=1&op=gamesow2&uf=0&uid=1086990&sid=20&time=1448234115&sign=3bb36d1e026501e0e716c448ee027acc&instclient=1

http://res-hges.gamesow.com/mclient/201508191537//hg-namabe.exe

https://.../dl?t=dl&s=http://.../24.html?gw=1&op=gamesow2&uf=0&uid=1161109&sid=24&time=1450287284&sign=1f4657d04eec3a08025d048f0dfcadca&instclient=1

https://.../dl?t=dl&s=http://.../14.html?gw=1&op=gamesow2&uf=0&uid=973992&sid=14&time=1445642247&sign=2a9169892515af750c95bd4f02b915ff&instclient=1

https://.../dl?t=dl&s=http://.../4.html?gw=1&op=gamesow2&uf=0&uid=741511&sid=4&time=1441842102&sign=668ebf9a387c95fec7a292ddf48be6c9&instclient=1

Latest 30 of 570 download URLs

Scan luz-de-oscuridad.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.