home

LottoSearch.exe

LottoSearch

PODCornCommunication. Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘JJANGLotto’.
Publisher:
PODCornCommunication. Co., Ltd.  (signed and verified)

Product:
LottoSearch

Version:
1.00

MD5:
3147385fdd1a44b700cc8ab47d8438ac

SHA-1:
9cfc270b8b2f044778d4d5c3d2024bc5eafb18dc

SHA-256:
72f6977c148ce4e6025b867aeb9e6c484bb8ecb0b067a15d5a8b6ea8909d816e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 10:22:55 PM UTC  (today)

File size:
814.7 KB (834,280 bytes)

Product version:
1.00

Original file name:
LottoSearch.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\jjanglotto\lottosearch.exe

Digital Signature
Signed by:
PODCornCommunication. Co., Ltd.

Authority:
Thawte, Inc.

Valid from:
11/23/2012 9:00:00 AM

Valid to:
11/24/2013 8:59:59 AM

Subject:
CN="PODCornCommunication. Co., Ltd.", OU=IT Team, O="PODCornCommunication. Co., Ltd.", L=Sungnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6399E0A5FC1F7D0E257DEEA8F22D0BC9

File PE Metadata
Compilation timestamp:
1/7/2013 3:11:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:wTA4O6JTMKoWlIzpvA4O6JTMKoWlIHtPRIxLPIznMMF0d3A4O6JTMKoWlI4:sm6J9o+Itm6J9o+IHtPexLPTm6J9o+I4

Entry address:
0x1F04

Entry point:
68, 94, D2, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 11, 3E, B0, 6E, 67, ED, B4, 4D, 8F, 1B, BB, F8, 78, 24, B1, BE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 6F, 74, 74, 6F, 53, 65, 61, 72, 63, 68, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0E, 0F, 2B, A6, 96, AE, 13, 0B, 4E, 9B, 49, AA, FE, 99, 17, D2, E1, 71, 79, 94, 14, C8, FC, 15, 4B, 95, 1B, 7C, 02, 2E, BD, 7B, C0, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
4.6728

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
560 KB (573,440 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
JJANGLotto

Command:
C:\Program Files\jjanglotto\lottosearch.exe


Scan LottoSearch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.