home

C9.exe

Continent of The Ninth

Webzen

This is a setup program which is used to install the application. The file has been seen being downloaded from patch.c9.in.th.
Publisher:
Webzen

Product:
Continent of The Ninth

Version:
2, 0, 0, 0

MD5:
b55ebebb38aeb2f002e726c0855cca24

SHA-1:
68cc940d2b0e82c66da67ce4f4d382b769d5216f

SHA-256:
b36e1c5cfe41f906e581bb169b57f18a44ddba0c6abe59c409648c32cf1a4c10

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/15/2024 10:11:20 PM UTC  (today)

File size:
11.8 MB (12,421,632 bytes)

Product version:
2, 0, 0, 0

Copyright:
Copyright (C) Webzen 2008

Original file name:
C9.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\c9.exe

File PE Metadata
Compilation timestamp:
2/23/2016 3:15:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:3xddGNkXAdlXP8WLPJjCZh78R7q2KbMpyIEkvxwa/FKlF39pFelCd0KAQ6NpWc:3VGNkXgdFLxjCZg22AMpyR6xp/W3pddk

Entry address:
0x6269CF

Entry point:
E9, 23, 9F, A9, FF, 65, 65, 8C, 5F, FB, CC, A5, 5A, 4D, FD, 61, A6, F1, 44, 0A, BC, 7A, 47, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, F9, 08, 16, DF, 22, 78, 44, 02, 3F, 8A, 67, FD, E9, E6, ED, EC, F2, 05, A6, B4, AC, 75, 6D, 31, 00, AB, 90, F0, C9, 13, C8, 6F, 98, DB, C6, 22, CD, FC, AF, A9, 1E, 25, 4A, DB, 91, 59, 06, E1, 57, 8C, 42, 9F, 90, BA, 4B, A0, 94, FF, 57, DD, C4, B1, 54, F8, B9, 93, C0, 3E, 86, 8B, 0D, 2F, 5B, 05, DB, 61, 1D, 48, 31, C1, B1, 0E, BF, F9, 7E, 43, D6, CC, 10, 63, 28, 26, 84, FB, 57...
 
[+]

Entropy:
7.8972

Packer / compiler:
Xtreme-Protector v1.05

Code size:
17.9 MB (18,805,760 bytes)

The file C9.exe has been seen being distributed by the following URL.

http://patch.c9.in.th/.../C9.exe

Scan C9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.