home

kof_launcher.exe

DFUM Application

DRAGONFLY GF CO., LTD.

Publisher:
Dragonfly Co. Ltd.  (signed by DRAGONFLY GF CO., LTD.)

Product:
DFUM Application

Version:
1.2.0.2

MD5:
deb6957b81f4f856c42e48870f5e143b

SHA-1:
84e0bfa892c9d3ffa8f3f0136d9e1dec23c2afd6

SHA-256:
64b59a714020cd973d5f014d08a9c5098d5a2c9391b42994d9d7c6506f3b8fbe

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 2:36:55 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
255.6 KB (261,696 bytes)

Product version:
1.2.0.2

Copyright:
Copyright (C) 2008-2011 Dragonfly Co. Ltd. All rights reserved.

Original file name:
DFUM.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Digital Signature
Signed by:
DRAGONFLY GF CO., LTD.

Authority:
Thawte, Inc.

Valid from:
7/11/2012 7:00:00 AM

Valid to:
7/12/2014 6:59:59 AM

Subject:
CN="DRAGONFLY GF CO., LTD.", OU=SYSTEM Team, O="DRAGONFLY GF CO., LTD.", L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080B32179220E78B9CC1F6F2CDFB90F7

File PE Metadata
Compilation timestamp:
10/1/2013 9:33:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:xw/qhvUXc7i2R1AW2kN5W0R1SQWMIrYg4Mwl4:xwhXc7i2R1AdkN5JR1IMIr8Mwl4

Entry address:
0x1767D

Entry point:
E8, 03, 8E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, AF, 49, 00, 00, 6A, 16, 5E, 89, 30, E8, DA, 63, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, 91, 49, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, 5E, F5, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 6D, 28, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC...
 
[+]

Entropy:
6.4789

Code size:
191.5 KB (196,096 bytes)

Scan kof_launcher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.