home

vapmix.exe

yessign

This is a setup program which is used to install the application. The file has been seen being downloaded from software.naver.com and multiple other hosts.
Publisher:
yessign  (signed and verified)

MD5:
a79381a89b16762225d0c6f0e42b7801

SHA-1:
6a9019e6bf321660a77e370945613781020970b0

SHA-256:
de085454ed2d0758f52cd547600a1bedb1af6d25a23030c00503fb05e8775c24

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 4:30:43 AM UTC  (today)

File size:
356.8 KB (365,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\???\vapmix.exe

Digital Signature
Signed by:
yessign

Authority:
yessign

Valid from:
1/20/2015 12:00:00 AM

Valid to:
1/20/2016 11:58:59 PM

Subject:
CN=(주)뱁션, OU=02201401200001, OU=code-sign, O=yessign, C=kr

Issuer:
CN=yessignCA General Class 2, OU=AccreditedCA, O=yessign, C=kr

Serial number:
07F2D1FCCADB8A3D2405

File PE Metadata
Compilation timestamp:
3/28/2014 3:27:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:q8kH/SHiLWblmTBctLEvsXK74IN4hRLNEfWMejhjFDk3zy5mQCI156wP046xst1q:jkHRLWblmT+LEvhv09NClU9FD225HCIG

Entry address:
0x12D4

Entry point:
E8, C6, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, 70, 41, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C, 70, 41, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 2B, 1F, 00, 00, 85, C0, 75, 06, B8, 70, 71, 41, 00, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 68, 10, 41, 00, A3, EC, 7C, 41, 00, 85...
 
[+]

Entropy:
7.7089  (probably packed)

Code size:
62 KB (63,488 bytes)

The file vapmix.exe has been seen being distributed by the following 3 URLs.

http://software.naver.com/api/.../httpDown.nhn?softwareId=GWS_000735|all|GWV_005944&key=f7b689f5ac6884b1ea37c7a23612b63ed3723da3ab5934e8d5fdae7853909f2569fab4155f4884c774b2356b45631f4fb3f67e793f8f22528386c345de1411d67473a0b9f139d71a30cf39f202c4e8dbfd63cb7d4f3ed6176a673f430d01a1ae72f39af1afbb29c0776e801b634a6a55b2d77b95468a76633378cf67b16b594f29ffcd5462c256ba8de3b53835adda768174d182af5669db53d26b92b2680848538a0136bd6e82de7191dc3a006e493bb86a9399688085fb24fc7f0f374f1e159b59d1bf0cc8a093b874821bc108b406e6efa29a89e2095a8c0469b51ced1413a6e64e952f61b636e9dd7dbdc48e94db76af164ea2f6e933d550d7f2c8366487

http://www.vapshion.com/download/start/.../download

http://software.naver.com/api/.../httpDown.nhn?softwareId=GWS_000735|all|GWV_005944&key=f7b689f5ac6884b1ea37c7a23612b63ed3723da3ab5934e8d5fdae7853909f2569fab4155f4884c774b2356b45631f4fb3f67e793f8f22528386c345de1411d67473a0b9f139d71a30cf39f202c4e8dbfd63cb7d4f3ed6176a673f430d01a1ae72f39af1afbb29c0776e801b634a6a55c409668a41c48be1221f604cf9279ca14d000442369e4db8a8bb00011260b992d4a43124c01c8c5515044d1268f95526c0665eb6fa0a6754d713fdf4b52a69fdbd4bd1b810182a78b97b54b9827c1163ef75bed4450caa4ca14906cbb70b90910392aa4472e257305607f50e9dd52567c051972e7c96e08edcddd91a9dd4a6a7f5eb92c498697899920f9763957b06ec

Scan vapmix.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.