home

������ŭ��

케이오케이 (KOK)

Publisher:
케이오케이 (KOK)  (signed and verified)

Version:
1.1.22.09

MD5:
1fc0d3749dfd160fbf05eabff70a0906

SHA-1:
091d87a8413b1196d121a10662a18b12498f760e

SHA-256:
b85a3bba66484829631ce9f2ccbc021144bc31324a4d48b86732b5a14bc8c1bc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 11:27:00 AM UTC  (today)

File size:
856.3 KB (876,832 bytes)

Product version:
1.1.22.09

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\%bc%be%bf%c0%c5%e4ŭ%b8%af

Digital Signature
Signed by:
케이오케이 (KOK)

Authority:
thawte, Inc.

Valid from:
1/11/2016 9:00:00 AM

Valid to:
1/11/2017 8:59:59 AM

Subject:
CN=케이오케이 (KOK), OU=IT Team, O=케이오케이 (KOK), L=Yeonsu-gu, S=Incheon, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
48D56B9D0F0E37D980C3B78FDA091478

File PE Metadata
Compilation timestamp:
11/11/2015 8:04:26 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ARNgqGHzNGi94tjiGKs2umsU2thOU3wYRqwCH6aR1/dEeMWWW:ARNgqiwmy2psUaUU3DqwCH6a3dEeXWW

Entry address:
0x919F3

Entry point:
E8, 60, 5E, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 56, 8B, 44, 24, 14, 0B, C0, 75, 28, 8B, 4C, 24, 10, 8B, 44, 24, 0C, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 08, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 10, 8B, C8, 8B, C6, F7, 64, 24, 10, 03, D1, EB, 47, 8B, C8, 8B, 5C, 24, 10, 8B, 54, 24, 0C, 8B, 44, 24, 08, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 14, 8B, C8, 8B, 44, 24, 10, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 0C, 77, 08, 72, 0F, 3B, 44, 24, 08, 76, 09, 4E, 2B, 44, 24, 10, 1B...
 
[+]

Entropy:
6.4822

Code size:
633.5 KB (648,704 bytes)

The file ������ŭ�� has been seen being distributed by the following 3 URLs.

http://low.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../SEN Autoclick.exe

http://cfile209.uf.daum.net/.../273BAB3556944A962FFDCB

http://high.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../SEN Autoclick.exe

Scan ������ŭ�� - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.