home

abc+draft.exe

FGInject

The executable abc+draft.exe, “Starcraft Self Executing Patcher” has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from blogattach.naver.net.
Product:
FGInject

Description:
Starcraft Self Executing Patcher

Version:
1.0.1.0

MD5:
be800df1bb187d36aa8e542ef13ec046

SHA-1:
b2a33eafcb6e754bde857afc2f0db9c90217ad6f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/23/2024 7:46:11 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.7.26.23

File size:
2.7 MB (2,850,838 bytes)

Product version:
1.0.1.0

Copyright:
Copyright (C) 2006-2007

Original file name:
Inject

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\abc+draft.exe

File PE Metadata
Compilation timestamp:
12/18/2008 10:32:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:KxCbK02L02te2R2jWcPdTm7lQ3e3/pAJq73keN9de7uNU7O:K102L02trR8MeOPIMUy8uNEO

Entry address:
0x1BE0

Entry point:
FF, 15, 84, 20, 40, 00, 6A, 00, FF, 15, 18, 20, 40, 00, E8, 5D, FF, FF, FF, 50, FF, 15, 68, 20, 40, 00, CC, 00, 00, 00, 00, 00, A6, 25, 00, 00, 96, 25, 00, 00, 00, 00, 00, 00, 40, 23, 00, 00, 50, 23, 00, 00, 60, 23, 00, 00, 74, 23, 00, 00, 88, 23, 00, 00, 9A, 23, 00, 00, A6, 23, 00, 00, B4, 23, 00, 00, CA, 23, 00, 00, D8, 23, 00, 00, E8, 23, 00, 00, FA, 23, 00, 00, 0A, 24, 00, 00, 1E, 24, 00, 00, 2A, 24, 00, 00, 36, 24, 00, 00, 2E, 23, 00, 00, 5C, 24, 00, 00, 70, 24, 00, 00, 84, 24, 00, 00, 9A, 24, 00, 00...
 
[+]

Entropy:
7.9469  (probably packed)

Code size:
3 KB (3,072 bytes)

The file abc+draft.exe has been seen being distributed by the following URL.

http://blogattach.naver.net/2abf368592c9ce123cdeb989bc512858f6a755b771/20100924_80_blogfile/.../ABC Draft.exe

Remove abc+draft.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.