home

넓은범위.exe

The executable 넓은범위.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from cafeattach.naver.net.
Version:
1.1.09.04

MD5:
c7b82f431dec948dd41cb3076eeb946d

SHA-1:
9a77a11d7dd5234009536e77113cfdb2ffdab1eb

SHA-256:
4d878611782f04a766b0e7f282ecba08db2e65f57bf6c383b6d8012db96b7057

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 5:42:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.7.14.16

File size:
618.5 KB (633,344 bytes)

Product version:
1.1.09.04

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\넓은범위.exe

File PE Metadata
Compilation timestamp:
3/14/2013 7:12:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:OVc0wQs/m7oG18KGhtmXp/08oSoDZNMvyIuz2RWxI4Lofrv/KFoCbV/FjUVqEk9C:OVc5Qs/m7oGiUZ/0LMnufNLKv/KFoCbU

Entry address:
0x105600

Entry point:
60, BE, 00, 00, 4C, 00, 8D, BE, 00, 10, F4, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 01, 3C, 10, 00, 57, 83, C3, 04, 53, 68, FE, 55, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.6675

Code size:
284 KB (290,816 bytes)

The file 넓은범위.exe has been seen being distributed by the following URL.

http://cafeattach.naver.net/32a72e9d8cd5d60a24c6a993ae483040ebbb41ae06/20160712_277_cafefile/.../????????.exe

Remove 넓은범위.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.