kebibigbrokeren.exe

KebiBigBroker (ActiveX Broker)

Nara Vision co.,Ltd

Publisher:
Naravision  (signed by Nara Vision co.,Ltd)

Product:
KebiBigBroker (ActiveX Broker)

Version:
1.0.0.6

MD5:
365478799b923d7466c7615e0cdd4665

SHA-1:
40a6c66fda52784b17d0c30f241a1ab8e5bcd4a1

SHA-256:
7190039c5007c258e342b8accf40d95146d5a1d992136be1d022dee37920f2eb

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 7:55:31 PM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V1115

Engine version:
7.2.364

File size:
1.8 MB (1,881,320 bytes)

Product version:
1.0.0.6

Copyright:
(c) Naravision. All rights reserved.

Original file name:
KebiBigBroker.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kebibigbrokeren.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/25/2008 3:10:02 AM

Valid to:
11/25/2009 3:10:02 AM

Subject:
CN="Nara Vision co.,Ltd", OU=Software Development Department, O="Nara Vision co.,Ltd", L=SEOUL, S=GYEONGGI-DO, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
59E26001E824122B96367DE62DC8BDCB

File PE Metadata
Compilation timestamp:
8/27/2009 2:15:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:8KSqaw4m6jgw+dFUbuzgQWdrnwZqMNpPYZTPSsfsrcEM:9VEmwgwSQuzgTdUoMNhYRw

Entry address:
0x11856B

Entry point:
E8, 61, CC, 00, 00, E9, 78, FE, FF, FF, 83, 38, 00, 56, 8B, F2, 74, 16, 57, 8A, 16, 84, D2, 74, 0E, 8B, 39, 88, 17, FF, 01, 46, FF, 08, 83, 38, 00, 75, EC, 5F, 5E, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F2, 33, D2, 89, 55, FC, 39, 55, 08, 74, 35, 83, 39, 01, 8B, 37, 76, 19, 6A, 0A, 99, 5B, F7, FB, 80, C2, 30, 88, 16, 46, FF, 09, 8B, 11, 85, C0, 7E, 05, 83, FA, 01, 77, E7, 8B, 07, 89, 37, 4E, 8A, 10, 8A, 0E, 88, 16, 4E, 88, 08, 40, 3B, C6, 72, F2, EB, 2E, 3B, 31, 73, 28, 4E, 8D, 56, 01, 85, D2, 74, 17, 6A...
 

Entropy:
6.5479

Code size:
1.3 MB (1,324,032 bytes)

The file kebibigbrokeren.exe has been seen being distributed by the following 2 URLs.

http://mail.sangji.ac.kr/nara/activeX/.../KebiBigBrokerEn.exe
