v3lite_setup.exe

AhnLab V3Lite

AhnLab, Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from software.naver.com and multiple other hosts.
Publisher:
AhnLab, Inc.  (signed and verified)

Product:
AhnLab V3Lite

Description:
AhnLab V3Lite Setup Program.

Version:
3.3.2.710

MD5:
c01773a8923351708f81ad96299821b8

SHA-1:
6c8e9c3f348d87b7efa09f344728e10879b47683

SHA-256:
84909a6a17bb6dca1cee0470ab226d3d79d89b7450d3061dd6b96d05ef3817ae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:09:39 PM UTC  (today)

File size:
23.7 MB (24,847,928 bytes)

Product version:
3.3.2.710

Copyright:
Copyright (C) AhnLab, Inc. 1988-2015. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\v3lite_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/30/2014 7:00:00 PM

Valid to:
3/31/2016 7:59:59 PM

Subject:
CN="AhnLab, Inc.", O="AhnLab, Inc.", L=Seongnam, S=Gyeounggi, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
460DBFED46F7D23930BF0C3A1ED335B7

File PE Metadata
Compilation timestamp:
5/11/2015 1:33:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:Ap3Biv7vmLUGTcB6vIl+rZr8QpnK4BcWeOwgARMAGvfHqn3huhS8tSwk42JH:uwviLUGcB6cUrlpnK4kGAkKx+7sH

Entry address:
0x318A

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E8, 90, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 78, 72, 40, 00, 6A, 09, A3, 18, 3F, 42, 00, E8, E5, 2C, 00, 00, A3, 64, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 70, 91, 40, 00, 68, 60, 36, 42, 00, E8, 6E, 29, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 5C, 29, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file v3lite_setup.exe has been seen being distributed by the following 14 URLs.

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100211|all|GWV_007341&key=6d102622031be792f9eaa6f7876d0b50d6eb51a170143338797e2a58272b6533d60916da5c88527b813b7fc3e8b43265e4136712edcbdb2f6630fb02c1a1cde25d980cb3173061c131e2f52621213ddba18175237f8a1608a2b26852aaf6fbdb9085e482cd31be699f5eb44f6d4f212d3608dfb6b69f6820c80ee26fce9edae1a05c535df1dc56239854a704596731be64ae7cd87a40974a22f921591ce81c003d1b86bf97a305b5b9e275295cb405384ac42ad6351c45708338a8969007b76bf920eec425620607b3891e5a608fc531d465390993e81c1e4a5493caefa238dcb86dcbace923b93a864be613f6f5200213e0915c54bb3d7b33de8e47743cbd71

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100211|all|GWV_007341&key=ada6c2383cec558822e8b2d2d4c5f30dfd12a410e42ac6c3e183f6773ee98fd730d5b2cbacebc4c362ab1605abd587b28790e9f944d0274841c1304719b79cecbc23bbe82f12a5527b959a93df946da020eb3558b5465dffc7f03b6010c790f019ca49828246b70ae94f60fce3bc0cb8715cde04c022ad056b963906ca680688bee25e16832fa9baef50dd465b71d14ed22f6a23fe417b0dabec96ea5dd0488992bbb4994821673d081389e6a076c51f7f9b55dd6fc046ca9927acc9ad49c2feedd3ee71b21e77b4e8428273e66da716d8ef2d655dc1ad6bd17dab8e50752d21dbce39cee1b62b43c64add263e974693bdc5f8037c103bee6d71e131a3b32329

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100211|all|GWV_007341&key=ada6c2383cec558822e8b2d2d4c5f30dfd12a410e42ac6c3e183f6773ee98fd730d5b2cbacebc4c362ab1605abd587b28790e9f944d0274841c1304719b79cecbc23bbe82f12a5527b959a93df946da020eb3558b5465dffc7f03b6010c790f019ca49828246b70ae94f60fce3bc0cb87845538aeaa0284f26665cc550a627bd5612f3acd585607599b899b8a3793acc9a3fe3e917a220312ecf16c6ca060c1f68474a98c13658be56effedd6de6d0135622fdc09ae115fc4d7587ab8ff1de960ed02f8ed3344053580aa4990ebb017545216f2683c4092f1a8d3ebaa7aa77c0cbc0c42c3cf3ea8642520aa62966777cd27c698c030161868d7b8ca17db06dec

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100211|all|GWV_007341&key=ada6c2383cec558822e8b2d2d4c5f30dfd12a410e42ac6c3e183f6773ee98fd730d5b2cbacebc4c362ab1605abd587b28790e9f944d0274841c1304719b79cecbc23bbe82f12a5527b959a93df946da020eb3558b5465dffc7f03b6010c790f019ca49828246b70ae94f60fce3bc0cb869ac197c5ae26631c24a4d82d4d791e34aac6b0dbb24dc26de2a668bc58d6492f181ab5dd76867c37362410da321c14cd9b28bc18c732b4bb9fb2247f850c89ce61dbce9b112ff43d746d715163ff09318bd6184785e8e1b7859f62cc477c893ddc11c575c29f6610d4eb441c60d5cbe0e7c6149c15ff1a80237441ed21d9949e25897b0fd66e514e46663f62d23e3bc

http://software.naver.com/api/.../httpDown.nhn?softwareId=MFS_100211|all|GWV_007341&key=ada6c2383cec558822e8b2d2d4c5f30dfd12a410e42ac6c3e183f6773ee98fd730d5b2cbacebc4c362ab1605abd587b28790e9f944d0274841c1304719b79cecbc23bbe82f12a5527b959a93df946da020eb3558b5465dffc7f03b6010c790f019ca49828246b70ae94f60fce3bc0cb8990fdfa617083cdd05a8e0e40427fb91df654e76801e4b5c44ef6398eded3b0dea6706fc0f831d7c8dcbd23356917b69325b4f2b404db83dd78ee133df0743a9d53eefa3673ab3d81b2acfa63cd325432a6a78c51bb4723c7b85ae1537e272f6b36678445f45669b1315aa5e420a342810d093945e77c37c0068e63d8a515ba31058d74c11c7cd2dd5916346016efa4b

Scan v3lite_setup.exe - Powered by Reason Core Security