» autoupgrade.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (2)

autoupgrade.exe

Wemade Entertainment co.,Ltd

This file is installed with multiple programs including LostSagaID.

File name:

autoupgrade.exe

Publisher:

IO Entertainment Co., Ltd. (signed by Wemade Entertainment co.,Ltd)

Description:

Lost Saga

Version:

9488

MD5:

40aef0abe2e097d6074f0d4562904cbb

SHA-1:

4ee766016b9ad85ddcbf3d3ea847285e65d9a774

SHA-256:

9300efd7593a256683a4a56b35716fd0cf86c83280aac59785f468ec2746b8f4

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/19/2024 2:39:00 AM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.Packed!1.9C4E

23.00.65.14406

File size:

1.9 MB (2,013,816 bytes)

Product version:

0,0,0,1

IO Entertainment Co., Ltd.

File type:

Executable application (Win32 EXE)

Language:

Korean

Digital Signature

Signed by:

Wemade Entertainment co.,Ltd

Authority:

Thawte, Inc.

Valid from:

1/22/2013 7:00:00 AM

Valid to:

11/22/2013 6:59:59 AM

Subject:

CN="Wemade Entertainment co.,Ltd", OU=IT Team, O="Wemade Entertainment co.,Ltd", L=Guro-gu, S=SEOUL, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

4784FB9CD3D09BC712CFC2FE7D13CF7B

File PE Metadata

Compilation timestamp:

9/3/2013 11:34:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:guwtcuoaMiks/DPDV3tY5iDDpF4RvX//IdRkYrlQUMCvOFBhs:stcVh4DD9F5F6vX//I1rlXMbBu

Entry address:

0xE41D3

Entry point:

52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 40, A0, B5, 00, 5A, 4A, EB, DF, 5A, E9, 00, 6E, 81, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 0A, 00, 01, 00, 00, 00, 60, 00, 00, 80, 02, 00, 00, 00, F0, 00, 00, 80, 03, 00, 00, 00, 28, 03, 00, 80, 05, 00, 00, 00, 40, 03, 00, 80, 06, 00, 00, 00, 90, 03, 00, 80, 0C, 00, 00, 00, 08, 04, 00, 80, 0E, 00, 00, 00, 90, 04, 00, 80, 10, 00, 00, 00, A8, 04, 00, 80, 18, 00, 00... 
[+]

Entropy:

7.9697 (probably packed)

Code size:

1.4 MB (1,519,104 bytes)

2 Windows Firewall Allowed Programs

Name:

D:\GAME\Lost Saga\autoupgrade.exe

Name:

D:\game online\LostSaga\autoupgrade.exe

The file autoupgrade.exe has been discovered within the following programs.

Gemscool G-Booster by PT. KREON

www.gemscool.com/gbooster/index.php

About 1% of users remove it

LostSagaID by IO Entertainment Co., Ltd.

lostsaga.gemscool.com

About 2% of users remove it

Scan autoupgrade.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.