home

demo.exe

454

JOONGWON GAMES Co.,Ltd

The file demo.exe has been detected as malware by 11 anti-virus scanners.
Publisher:
JOONGWON GAMES Co.,Ltd  (signed and verified)

Product:
454

Version:
1.0.0.1

MD5:
f622b04a1f05ef6e36daf0c427870b36

SHA-1:
dc4251aebdd8958372e218deb9a3331f6d68d8d3

SHA-256:
d9d0a870236075e87985092f24b84a14f91983d7b6659923fcf7870a90b0adc8

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/19/2024 9:56:47 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Graftor.660224.2
7.11.214.38

Baidu Antivirus
Trojan.Win32.Clicker
4.0.3.1582

Bitdefender
Gen:Variant.Graftor.175969
1.0.20.1070

Emsisoft Anti-Malware
Gen:Variant.Graftor.175969
8.15.08.02.11

F-Secure
Gen:Variant.Graftor.175969
11.2015-02-08_1

G Data
Gen:Variant.Graftor.175969
15.8.25

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.6.0

Kaspersky
Trojan-Clicker.Win32.Agent
14.0.0.1643

McAfee
Artemis!F622B04A1F05
5600.6686

MicroWorld eScan
Gen:Variant.Graftor.175969
16.0.0.642

Trend Micro House Call
TROJ_GEN.R02SH09C515
7.2.214

File size:
644.8 KB (660,224 bytes)

Product version:
1.0.0.1

Original file name:
demo.exe

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\1329.tmp

Digital Signature
Signed by:
JOONGWON GAMES Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
2/26/2013 7:00:00 PM

Valid to:
2/27/2014 6:59:59 PM

Subject:
CN="JOONGWON GAMES Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="JOONGWON GAMES Co.,Ltd", L=Seongbuk-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5FF4023F58DA20F9CA6DFB0F30A097BC

File PE Metadata
Compilation timestamp:
3/4/2015 10:24:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:pAG/S6KfiUHmhe29Fjtkl31rVIzJCL1fmhgOqD:pRK9WG3dVIlCL1+hgOqD

Entry address:
0x2FDE7

Entry point:
E8, DB, 88, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 50, 20, 46, 00, 75, 02, F3, C3, E9, 5B, 89, 00, 00, 8B, 44, 24, 04, 66, 8B, 54, 24, 08, EB, 07, 66, 3B, CA, 74, 11, 40, 40, 0F, B7, 08, 66, 85, C9, 75, F1, 66, 39, 10, 74, 02, 33, C0, C3, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, F3, 5B, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 51, 12, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, CE, 5B, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB...
 
[+]

Entropy:
6.8018

Code size:
316 KB (323,584 bytes)

Remove demo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.