FileguriMain.exe

파일구리

Iconcube. Inc.

The application FileguriMain.exe by Iconcube has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address softbank060092091004.bbtec.net on port 34092.
Publisher:
(주)아이콘큐브  (signed by Iconcube. Inc.)

Product:
파일구리

Version:
7, 5, 9, 0

MD5:
9255183549e6330de4d1c7d0b411439f

SHA-1:
6c1cc290c3dcabc35276e525932acf3ef1ff5295

SHA-256:
da13eb8cea33361bf101f7ad05ff22733acac45509450959273ee2a0f10377b5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/30/2024 7:41:01 PM UTC

Scan engine          Detection    Engine version
Reason Heuristics    PUP (M)      16.11.16.13

File size:
13.3 MB (13,900,992 bytes)

Product version:
7, 5, 9, 0

Copyright:
Copyright ⓒ 2000-2016 Iconcube Inc.

Original file name:
FileguriMain.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\iconcube\fileguri\filegurimain.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
9/20/2016 9:00:00 AM

Valid to:
10/21/2018 8:59:59 AM

Subject:
CN=Iconcube. Inc., OU=IT Team, O=Iconcube. Inc., L=Geumcheon-gu, S=SEOUL, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
767B944D6C8A18776C2BBB51B0EF9FC1

File PE Metadata
Compilation timestamp:
11/11/2016 2:24:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:X2jVtj0miO4jzqL3YeWd6i6iks+Oh5oaQKys7rES8yeIT:Dt6i6iks+Oh5oaQKys7rES8yxT

Entry address:
0x2D6EAF

Entry point:
E8, FD, F7, 00, 00, E9, 16, FE, FF, FF, 3B, 0D, C8, 9F, 7B, 00, 75, 02, F3, C3, E9, 7D, F8, 00, 00, 8B, 01, 8B, 50, FC, 8B, C1, 2B, 42, 04, 8B, 52, 08, 85, D2, 74, 04, 2B, CA, 2B, 01, C3, 55, 8B, EC, 51, 8B, 40, 10, 53, 8B, 58, 08, 56, 33, F6, 85, DB, 57, 8B, 78, 0C, 76, 27, 8B, 04, B7, 8B, 4D, 0C, 89, 45, FC, 8B, 00, 3B, C1, 74, 44, 83, C1, 08, 51, 83, C0, 08, 50, E8, 10, C8, FF, FF, 85, C0, 59, 59, 74, 31, 46, 3B, F3, 72, D9, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 04, B7, F6, 40, 14, 04, 75, F0, 8B, 00, 8B, 4D...
 

Entropy:
6.0034

Code size:
3.1 MB (3,244,032 bytes)

Windows Firewall Allowed Program
Name:
filegurimain.exe


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to softbank060092091004.bbtec.net  (60.92.91.4:34092)

TCP (HTTP):
Connects to 94.31.29.54.IPYX-077437-ZYO.above.net  (94.31.29.54:80)
