home

KebiExplorer.exe

KebiExplorer

Nara Vision co.,Ltd

Publisher:
(주)나라비전  (signed by Nara Vision co.,Ltd)

Product:
KebiExplorer

Version:
1, 0, 0, 104

MD5:
8da97d6e2b3732aefc494b3b0700e03c

SHA-1:
96756926c6409ed5ec576a411baac82a66694d20

SHA-256:
7995fbc76768de55631ac52aa5aa491f1358a74e89325ee2e9d9d1966558ad10

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/26/2024 5:55:16 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
1.2 MB (1,213,944 bytes)

Product version:
1, 0, 0, 104

Copyright:
(c) Naravision. All rights reserved.

Original file name:
KebiExplorer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kebiexplorer.exe

Digital Signature
Signed by:
Nara Vision co.,Ltd

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/19/2007 6:12:37 PM

Valid to:
11/22/2008 3:47:58 PM

Subject:
CN="Nara Vision co.,Ltd", OU=Software Development Department, O="Nara Vision co.,Ltd", L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5B5BECF1068FE2082E165589E11AD536

File PE Metadata
Compilation timestamp:
7/17/2008 12:26:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:VyLoo7WY3cPROO1N0kv3UVxO0XGx7zF+9M5tiVbvTT1lrHZ:5ki3v3UrO0Wx75+ItiVLTxlDZ

Entry address:
0x65FFE

Entry point:
E8, 56, B3, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, CE, B3, 00, 00, 83, C4, 14, C3, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 83, 60, 46, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08...
 
[+]

Entropy:
6.7911

Code size:
520 KB (532,480 bytes)

The file KebiExplorer.exe has been seen being distributed by the following URL.

http://mail.dst.ac.kr/nara/plug-in/kor/.../KebiExplorer.exe

Scan KebiExplorer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.