17-11245_k-lite_codec_pack_790_mega.exe

Pacifics Co.,Ltd

The application 17-11245_k-lite_codec_pack_790_mega.exe by Pacifics Co.,Ltd has been detected as adware by 8 anti-malware scanners. The file has been seen being downloaded from sjftkfkdgkrldp.tistory.com and multiple other hosts. While running, it connects to the Internet address 61-111-58-27.kidc.net on port 80 using the HTTP protocol.
Publisher:
Pacifics Co.,Ltd  (signed and verified)

Version:
1.0.0.0

MD5:
6fe077a32721520b60b6a93be59d1c6f

SHA-1:
d04d02b51de6adbb6eb021b177e4af24dc29a600

SHA-256:
cc3edc4300a5fad87fe73bc43e1c38f1b3354ab02144153f92d21c200cee615f

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/26/2024 3:46:10 PM UTC

Scan engine            Detection                       Engine version
Agnitum Outpost        Trojan.Agent                    7.1.1
Bkav FE                W32.HfsAdware                   1.3.0.7133
Dr.Web                 Trojan.DownLoader12.53796       9.0.1.0240
IKARUS anti.virus      Trojan.Agent                    t3scan.1.9.5.0
McAfee                 Artemis!6FE077A32721            5600.6660
NANO AntiVirus         Trojan.Win32.Agent.dvogbk       0.30.24.3079
Reason Heuristics      PUP.Pacifics (M)                15.8.28.1
ViRobot                Adware.WowUtil.2292544[h]       2014.3.20.0

File size:
2.2 MB (2,292,544 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/16/2015 9:00:00 AM

Valid to:
2/16/2016 8:59:59 AM

Subject:
CN="Pacifics Co.,Ltd", O="Pacifics Co.,Ltd", L=Busan, S=Nam-gu, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4E99E8BB927F471EE5B90733CC461400

File PE Metadata
Compilation timestamp:
7/25/2014 11:34:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:DI5oza1v23Sce1EMalzdM8AuyekrShRoW/i4A5:D8vh1EMQdMHuyekrShRoW/i4A5

Entry address:
0x578BA0

Entropy:
6.1406

Packer / compiler:
UPX 2.90 LZMA

Code size:
1016 KB (1,040,384 bytes)

The file 17-11245_k-lite_codec_pack_790_mega.exe has been seen being distributed by the following 50 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-55-195-249.compute-1.amazonaws.com  (52.55.195.249:443)

TCP (HTTP):
Connects to static-ip-188-138-17-174.inaddr.ip-pool.com  (188.138.17.174:80)

TCP (HTTP SSL):
Connects to ec2-52-3-176-101.compute-1.amazonaws.com  (52.3.176.101:443)

TCP (HTTP):
Connects to ip246.ip-178-32-109.eu  (178.32.109.246:80)

TCP (HTTP):
Connects to ip76.ip-178-32-118.eu  (178.32.118.76:80)

TCP (HTTP SSL):
Connects to ec2-52-7-154-8.compute-1.amazonaws.com  (52.7.154.8:443)

TCP (HTTP):
Connects to 61-111-58-9.kidc.net  (61.111.58.9:80)

TCP (HTTP):
Connects to 61-111-58-27.kidc.net  (61.111.58.27:80)

Remove 17-11245_k-lite_codec_pack_790_mega.exe - Powered by Reason Core Security