vindictusdownloaderv127.exe

Nexon America Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Nexon America Inc.  (signed and verified)

MD5:
225656f963606ca9128ebd1e85d05096

SHA-1:
754513b90209a1632f33ee59c6c5c5ddf986c325

SHA-256:
af724d2fc050550e569e1d3aaa00421db7419e6c60c4dde434d39f51e95c198b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 2:37:45 AM UTC  (today)

File size:
1.8 MB (1,908,336 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\Pictures\vindictusdownloaderv127.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/2/2010 8:00:00 PM

Valid to:
10/8/2012 7:59:59 PM

Subject:
CN=Nexon America Inc., OU=Game Platform, O=Nexon America Inc., L=Los Angeles, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
523CC71AB861230979AAC21CF4F863A4

File PE Metadata
Compilation timestamp:
4/26/2011 1:54:29 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:6bJ6yJEoj7c3nDSzhre3xqR1wb/cskOQP+ElDHee8z:616TS1re3xY1wb/cskO8lT

Entry address:
0x646550

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9176  (probably packed)

Code size:
1.8 MB (1,892,352 bytes)

The file vindictusdownloaderv127.exe has been seen being distributed by the following 9 URLs.

https://dw.uptodown.com/dwn/5AzLaWdsz73jadGwlypT-pPcJyVqJLvlOOQASWxWQ5aB2iq9kZ3yAnplj-LL5uWDYlIyFdiYPqXUU55Tdm_z8rB1hoXMwAR3aoUhqBuKm3gx_qTuhSHIeCSFa4o02jRa/Ocmz-y52XBQpJOXEK4m3wrXCFlNo7RQ7pzH-fj8K4N3tDC0XexPQOxchkfHW3j4-paTpzbCk4SA9NYiGWxCErpiQYRfF25Vrj5IbQzNqGZliA-g8VL_WiX7oA79d1GXU/9L-PxO7ATqOVXyjARAuGG6fWi8tmF7ik8OjjjXxjZTbWygSDIGg9KTtyPRqvvnvsHmI6F2Vn0l4IRZ9KMqLcpbtC7LlrGTj0wMyCv1DhO-TMkmQfgjSlKRF4XIsiE-HT/.../

http://dw.uptodown.com/dwn/puUqMiI-KlkNs7y0tAEN3lKw0ya-VK6C5xixYDpJC5caahA3vJ4_jf77nEtvJm7g9BjmiiUlD3H8G3PfPoWeCPyePJWItI13zxzjcLpjuHi-3EKJT6hehjjC9t3Ys5GI/izgceDa3fucTta-ExkoooHUbuDolkxU8-GMoHTkji7LedwkjemTkIBoaMx0tGQ0Xlju_Lf63Jd3mPpBgz0-uoXcfuEbcuHdtBHYrXaZ7ovVG0CuGBf8mcQ7xwEBdFpVg/IHznA4r-UWX9YQJDFA2XP3UerZi_22GM5IFffR4rQ-tLbO029FmzDINdpTdxq5QoFiC7wZakqmySvpShMb0xeWOMZsh0SGZyqmGpx9riET5ugrf_ZAvh4D666Natogit/.../

https://dw.uptodown.com/dwn/P6ZQLHfe-tWjn9LikwsXtOCbG9imGJ5EAXQw6Aiy8Rg99SQ7m0v9Rxq0PcoWAH9YYEQ2OOst_zfT1XNU7CkN64RlFy_rtcrrdG-4c9ctu2oulYZXFN0hu0fbXFt6RGn2/meyEf62KCrpYkdl-YTNEHzrVVogFour_X8IYCo8EKHgdzLPwPKv25fWe_AdnqNmDfv5xi8ygebjR2uXMHWDSVUTklC55eEs9FpUZ_oI_jWc3wl6fxVxfiGp7gS1pAa9G/5MFtlkKYtG45ESujVUybT2b0l2IzKwgDIrUNosqg9YQVezEtjesmj0BXj-G2YD9PNa4fpniKmFHyzFapSJlP9KwTSK-CZPjqZOzGu10Es31xA2y8AA52SEX8MI6S_iqs/.../

Scan vindictusdownloaderv127.exe - Powered by Reason Core Security