» shanaencoder3.2.exe
Overview
Analysis
File Details
Downloads (5)

shanaencoder3.2.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from software.naver.com and multiple other hosts.

File name:

shanaencoder3.2.exe

MD5:

f7fd8bdd41e27744c210b2e62e1a64f8

SHA-1:

a0d125a2a97197be44b16b21709d545f97e41d9d

SHA-256:

ee17661557d26e082e90eb10b96f90aeaa6456c08883d69f90457b7efb197b8b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 6:08:25 AM UTC (today)

File size:

3.5 MB (3,668,338 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\shanaencoder3.2.exe

File PE Metadata

Compilation timestamp:

12/27/2015 12:38:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:k6PVImI8D/VTUQf6CqbqOEiAdDkLuTp21HZBt3X4/31br+u0WNFBQxYuFKRmWsi8:xImI8TdVRqbqOxIi5BVQyu0IuFKRuMmB

Entry address:

0x30DE

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 1C, C7, 44, 24, 14, 88, 91, 40, 00, 33, F6, C6, 44, 24, 18, 20, FF, 15, B4, 70, 40, 00, FF, 15, B0, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, E4, 2D, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 7C, 91, 40, 00, E8, 65, 2D, 00, 00, 68, 74, 91, 40, 00, E8, 5B, 2D, 00, 00, 68, 68, 91, 40, 00, E8, 51, 2D, 00, 00, 6A, 0D, E8, B4, 2D, 00, 00, 6A, 0B, E8, AD, 2D, 00, 00, A3, 64, 3F, 42, 00, FF, 15, 34, 70, 40, 00, 53, FF... 
[+]

Entropy:

7.9963

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file shanaencoder3.2.exe has been seen being distributed by the following 5 URLs.

http://software.naver.com/api/.../httpDown.nhn?softwareId=GWS_000251|all|GWV_007820&key=980ea26ba5637260368e8ab7f08a48a7c7c22bd65dc6dd91984f88caf9ab9c1f76fde2bdaa710e0c19d9906ff2a3ba232c8b2f84ca73fca881bebc89294e64c17348b2e5371bb323b363fd180c0ba7e885ceca15ce73d2ad7684c52d77ddc0490d3026ce189eda67e6869e22eb0221d8fa110cdbea3b3386cddec1a6675e587e1a170dcc177ea2ee3c2546b3824d3eb95fdfdee3f177f0159b8428de1cdeb8474e7e6b99fc5d1ebf441816fb753a8be2244b1659973449157e3a8605bdfb734ee51fe7f4a8df11c48dd54e0d5766f7d5eb00ac342bb8427bdf2ffe68b8497e02480813dbb9340ae7d6ca943b79d36e7ca4642a8505e24b57d15647e6abb51077

http://low.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../ShanaEncoder3.2.exe

http://www.videohelp.com/.../ShanaEncoder3.2.exe

http://high.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../ShanaEncoder3.2.exe

http://downloads.sourceforge.net/project/.../ShanaEncoder3.2.exe

Scan shanaencoder3.2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.