home

3dwarlord-1_sagele.exe

Fancy3D Launcher

Fancy Guo Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from admin-ds.top1game.com and multiple other hosts.
Publisher:
Hongfeng Hengyu (Beijing) Tech Ltd.  (signed by Fancy Guo Ltd.)

Product:
Fancy3D Launcher

Version:
0,15,1208,1825

MD5:
27daf24bd62b79fd706cbd125f944deb

SHA-1:
daf4306b83e420cb606e53e34436a780ffefb3e1

SHA-256:
71ee592c9feb4ac69b217cbfca7baad6105c70c1edbdea7e89d94d6255d10bb1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 8:25:36 PM UTC  (today)

File size:
2.7 MB (2,833,912 bytes)

Product version:
0,15,1208,1825

Copyright:
Copyright (C) Hongfeng Hengyu 2009 - 2015. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\3dwarlord-1_sagele.exe

Digital Signature
Signed by:
Fancy Guo Ltd.

Authority:
Symantec Corporation

Valid from:
12/30/2014 8:00:00 AM

Valid to:
12/30/2016 7:59:59 AM

Subject:
CN=Fancy Guo Ltd., OU=Technical Department, O=Fancy Guo Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
144F450EF0887210EC0F865689B3532D

File PE Metadata
Compilation timestamp:
12/12/2015 1:31:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:+sjntjszD1r2THxEjfqg+V52xXpOvygoxFduhiG683yfRENax3iIX:BntYtrexGqgHXpOuFxGgSAxSIX

Entry address:
0x3635B0

Entry point:
60, BE, 00, 80, 4B, 00, 8D, BE, 00, 90, F4, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E2, 15, 36, 00, 57, 83, C3, 04, 53, 68, A4, B5, 2A, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9960  (probably packed)

Code size:
2.7 MB (2,805,760 bytes)

The file 3dwarlord-1_sagele.exe has been seen being distributed by the following 50 URLs.

http://.../dl?t=dl&from=1&s=http://.../35.html?pscode=c5bpktae8pi01tq4mc8fert3r0&uid=top1game_591465&sid=35&time=1453474368&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=613108ce22a6cc8c905e6750c8755bb8

http://.../dl?t=dl&s=http://.../5.html?pscode=rjas4v4a1p37gqag7ikt7s2ci2&uid=top1game_180407&sid=5&time=1450802355&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=1c50fe9bf7f9517e4beea1c8e3fdc45e

http://.../dl?t=dl&from=1&s=http://.../20.html?pscode=jis8ss091it8on8d1gm6bm1qo5&uid=top1game_542257&sid=20&time=1452173401&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=9d2df45aa999cb7f263790c234d0b430

http://.../dl?t=dl&from=1&s=http://.../18.html?pscode=0ejg7ak2qevhik18u621spot96&uid=top1game_532313&sid=18&time=1451975460&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=fb51edc0b95696e782a3cab978759401

http://.../dl?t=dl&from=1&s=http://.../21.html?pscode=ej2g099mrl8tedelbb5144dg32&uid=top1game_439021&sid=21&time=1452278126&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=d7633c937cb53b42ce9343c3577558af

http://.../dl?t=dl&from=1&s=http://.../9.html?pscode=pkf4pcvn90nmb9q1id3intvnq1&uid=top1game_488227&sid=9&time=1451198049&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=8e27b4504cdbca1178c157526d75b1e9

http://.../dl?t=dl&from=1&s=http://.../12.html?pscode=e9uogef1802uingfn5k07p19j3&uid=top1game_503825&sid=12&time=1451473978&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=36469b777455e1d75f7770c43f6128bd

http://.../dl?t=dl&from=1&s=http://.../16.html?pscode=9oiq2g0uda9v1r2lf83qjitfe7&uid=top1game_129641&sid=16&time=1451817454&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=75c6a765d77dd7e146ef754e7065ce56

http://.../dl?t=dl&from=1&s=http://.../7.html?pscode=ljc7bhro65s6s4cfb1urebqpb2&uid=top1game_471047&sid=7&time=1451038723&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=99d017cf03e3f13fd826a1a6ee7fe9be

http://.../dl?t=dl&from=1&s=http://.../66.html?pscode=l7m28ifgjf4t4m24nfhr915m87&uid=top1game_651165&sid=66&time=1457849138&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=e9830c00e65c803bb031f6cac8c744d7

http://.../dl?t=dl&s=http://.../3.html?pscode=2j5850vj9o6nkht6od49p9ib21&uid=top1game_439689&sid=3&time=1450572289&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=d3eb4c98b9118334b763c52bd0d53673

https://res-ds.top1game.com/tw/.../3DWarlord-1_xejipo.exe

https://res-ds.top1game.com/tw/.../3DWarlord-1_riqawe.exe

http://.../dl?t=dl&from=1&s=http://.../23.html?pscode=qv466uitl9bnbgesfs7jv5gtc2&uid=top1game_555439&sid=23&time=1452396221&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=eabeba84b7bd48fc81a177850a843269

http://.../dl?t=dl&from=1&s=http://.../100.html?pscode=g3j6a703ci04ru1amt70d7juq0&uid=top1game_837303&sid=100&time=1468061272&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=03ab4612a3e25ff0d9c1cf259a545a3d

http://.../dl?t=dl&from=1&s=http://.../53.html?pscode=upmnpf08hvm5v5kfr203k7rth6&uid=top1game_626077&sid=53&time=1455472200&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=250e71a9a0affad36518bf864b04d16f

http://.../dl?t=dl&from=1&s=http://.../17.html?pscode=4hf9qu6skv5948cclqf1eaj3d5&uid=top1game_526035&sid=17&time=1451877192&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=c70534fae3337bd90a7b843137ea9223

http://.../dl?t=dl&from=1&s=http://.../37.html?pscode=ulm8f3e8g6o3vhcnrf8h274dc4&uid=top1game_595141&sid=37&time=1453608775&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=c2bdc48fcf21fb967836256e0dec56ba

https://res-ds.top1game.com/tw/.../3DWarlord-1_jexiti.exe

http://.../dl?t=dl&from=1&s=http://.../16.html?pscode=lpuktnn3lq62oegd2t9qi3tdc0&uid=top1game_506729&sid=16&time=1451809763&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=fc3d94d3c24d8978233444b55954060e

http://.../dl?t=dl&from=1&s=http://.../22.html?pscode=lau7mkbt9jdmj6nm9s4ifcdn35&uid=top1game_546835&sid=22&time=1452328144&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=4359af256afe9469e60e3f44c85c8ec5

http://.../dl?t=dl&from=1&s=http://.../7.html?pscode=tkse7k4ib58viqie0lbl5rpri3&uid=top1game_470893&sid=7&time=1451037743&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=d209f79a2a47a42615055debbb60bf45

http://.../dl?t=dl&from=1&s=http://.../55.html?pscode=69i71j4d9ishopo7qfhsmt8l90&uid=top1game_629515&sid=55&time=1455765759&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=c6885a5429d3e17d319b283fb4be0a42

http://.../dl?t=dl&s=http://.../5.html?pscode=f09a67814196n9j626u9q2lff7&uid=top1game_451983&sid=5&time=1450724557&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=c0ba5cdff2532712fad45261c053b463

http://.../dl?t=dl&from=1&s=http://.../67.html?pscode=leae4hk4l0lc4ms0pidrnm2762&uid=top1game_337219&sid=67&time=1458125438&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=c8167c7336d0857e78f22a3611142320

http://.../dl?t=dl&from=1&s=http://.../7.html?pscode=6gti8kca2duve131ev4pimaen7&uid=top1game_469755&sid=7&time=1451029060&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=35a4fdfb6ec48943e10da09113c349b7

http://.../dl?t=dl&from=1&s=http://.../93.html?pscode=6agfrr17hi7qhrckoplo99nt55&uid=top1game_812643&sid=93&time=1466009556&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=e903e84b1c4c4d16a8166f488f828b84

http://.../dl?t=dl&from=1&s=http://.../13.html?pscode=665n2pa3rg57j8895trjukqr01&uid=top1game_507037&sid=13&time=1451565034&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=00&sign=0ef6288867317cbcfa7fe40b9755cdf8

http://.../dl?t=dl&from=1&s=http://.../22.html?pscode=dqnndhco5drrsvu5oj4rpqjg50&uid=top1game_554457&sid=22&time=1459329777&fcm=1&exts=e30&platform=top1game&channel=1&mutil=1&type=web&bind=11&sign=aabe326fcc410cc78cce3fda20815d36

https://res-ds.top1game.com/tw/.../3DWarlord-1_nikara.exe

Latest 30 of 59 download URLs

Scan 3dwarlord-1_sagele.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.