main.exe

WebZen mu main

WebZen

The executable main.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download2069.mediafire.com and multiple other hosts.
Publisher:
WebZen

Product:
WebZen mu main

Description:
main

Version:
1, 2, 3, 0

MD5:
f67bf252f177c26a5708b6a74465cdd7

SHA-1:
2940f55cbaba55ecbe5f753af51208002f3a6878

SHA-256:
ee96f75a15fe6d41cf97db3711056268d2197a2e3cb130298bd5aed381600b62

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/26/2024 4:06:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.HfsAutoB | 1.3.0.7237 |
| F-Prot | W32/S-30419ad1 | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan.Virtumonde | t3scan.1.9.5.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1014 |
| McAfee | Artemis!F67BF252F177 | 5600.6560 |
| nProtect | Backdoor/W32.Bifrose.4110418 | 15.10.05.01 |
| Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Horse!6.2359[F1] | 23.00.65.151204 |
| ViRobot | Trojan.Win32.S.Agent.4110418[h] | 2014.3.20.0 |

File size:
3.9 MB (4,110,418 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright ⓒ 2002

Original file name:
main.exe

File type:
Executable application (Win32 EXE)

Language:
Korean

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7Totj5h48IFndn007tkJe9gDDbLy0ZPiCnhzejLhzyFO9Ctn6t1zcPr9m:7ER5h48IFndn007tkJe9gDDbLy0UEhzw

Entry address:
0x845C200

Entry point:
68, 00, C0, 85, 08, FF, 15, C8, 31, 78, 00, 3D, 00, 00, 00, 00, 74, 1A, 68, 64, C0, 85, 08, 50, FF, 15, C4, 31, 78, 00, 3D, 00, 00, 00, 00, 74, 07, FF, D0, E9, 5C, 63, F2, F7, 68, 10, 00, 00, 00, 68, 00, 00, 00, 00, 68, 32, C0, 85, 08, 68, 00, 00, 00, 00, FF, 15, 98, 34, 78, 00, 68, 00, 00, 00, 00, FF, 15, 1C, 31, 78, 00, C3...
 

Code size:
3.5 MB (3,678,208 bytes)

The file main.exe has been seen being distributed by the following 2 URLs.

http://download2069.mediafire.com/ilh3dmm511tg/.../main.exe
