home

tw_pso2_20710_rc_43_installer.exe

Gamania Digital Entertainment CO., LTD.

This is a setup and installation application. The file has been seen being downloaded from tw.hicdn.pso2.beanfun.com.
Publisher:
Gamania Digital Entertainment CO., LTD.  (signed and verified)

MD5:
f185b9590e7a2eec8c7974f8cf2b2757

SHA-1:
1d6138f8f204f20e4a6ea017b6c10b9f075dbd46

SHA-256:
3704b6505e9309f017e1802d1fe997c190ea5769c26d1770f6ec4f86b32ddcfe

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 8:29:20 AM UTC  (today)

File size:
5.6 MB (5,923,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tw_pso2_20710_rc_43_installer.exe

Digital Signature
Signed by:
Gamania Digital Entertainment CO., LTD.

Authority:
GlobalSign nv-sa

Valid from:
3/13/2014 11:05:09 PM

Valid to:
4/30/2017 9:26:51 AM

Subject:
CN="Gamania Digital Entertainment CO., LTD.", OU="Gamania Digital Entertainment CO., LTD.", O="Gamania Digital Entertainment CO., LTD.", L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112168299E7E3CFD684F460D21123CF2CDA6

File PE Metadata
Compilation timestamp:
5/14/2013 3:03:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:VMbS/q2lkY+rL+bPVEpF5wgcaa7PU9NgGJKBou82MjDVGKNRF6IKo+eoRhbrUcCb:aukRGGFkoKBo72CtNfPP+eofw2qF

Entry address:
0x131203

Entry point:
E8, 01, 35, 01, 00, E9, 79, FE, FF, FF, CC, CC, CC, 55, 8B, EC, 57, 8B, 7D, 08, 33, C0, 83, C9, FF, F2, AE, 83, C1, 01, F7, D9, 83, EF, 01, 8A, 45, 0C, FD, F2, AE, 83, C7, 01, 38, 07, 74, 04, 33, C0, EB, 02, 8B, C7, FC, 5F, C9, C3, 8B, FF, 55, 8B, EC, 83, 3D, 00, AE, 75, 00, 00, 56, 8B, 35, 48, 80, 75, 00, 75, 04, 33, C0, EB, 63, 57, 85, F6, 75, 1B, 39, 35, 50, 80, 75, 00, 74, 53, E8, 3F, 36, 01, 00, 85, C0, 75, 4A, 8B, 35, 48, 80, 75, 00, 85, F6, 74, 40, 83, 7D, 08, 00, 74, 3A, FF, 75, 08, E8, EC, 35, 00...
 
[+]

Entropy:
7.3330

Code size:
2.2 MB (2,282,496 bytes)

The file tw_pso2_20710_rc_43_installer.exe has been seen being distributed by the following URL.

http://tw.hicdn.pso2.beanfun.com/PSO2/.../TW_PSO2_20710_rc_43_installer.EXE

Scan tw_pso2_20710_rc_43_installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.