home

x2.exe

KOG Co., Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from patch.elsword.levelup.com.br.
Publisher:
KOG Co., Ltd.  (signed and verified)

MD5:
084ece3cad6db68258ec002bcd2c586c

SHA-1:
290c2acb92ced058b28ab1e1bb117420be67e8b1

SHA-256:
b6f225648042da4af5919645d04b6e4f4fdde55aaee66fa8569e1af36c7f54bc

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 8:52:47 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoA
1.3.0.6979

F-Prot
W32/Virut.AI!Generic
v6.4.7.1.166

File size:
12.7 MB (13,283,240 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
KOG Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/2/2014 10:00:00 PM

Valid to:
12/23/2015 9:59:59 PM

Subject:
CN="KOG Co., Ltd.", OU=IT Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="KOG Co., Ltd.", L=Jung-gu, S=Daejeon, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
33C0EFA6CF01720C33B1EEA03E630824

File PE Metadata
Compilation timestamp:
8/30/2015 11:13:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:A+DibMUksmuUoY/DHphLWGDsP7pCNUFvpSG6YN6yY:VibMmQoYDWGoQopSckP

Entry address:
0x1F21000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 00, 40, 00, 2D, 1F, 16, E9, 05, 05, 14, 16, E9, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, E4, 3B, 03, 3D, 68, 89, 08, D0, 6D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 5B, 8B, 57, A4, 68, 8A, F7, 47, E7, 86, 57, A5, 02, 00...
 
[+]

Code size:
19.4 MB (20,317,696 bytes)

The file x2.exe has been seen being distributed by the following URL.

http://patch.elsword.levelup.com.br/.../x2.exe

Scan x2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.