home

LottoSearch.exe

LottoSearch

PODCornCommunication. Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘JJANGLotto’.
Publisher:
PODCornCommunication. Co., Ltd.  (signed and verified)

Product:
LottoSearch

Version:
1.00.0016

MD5:
cf9f1e7e5df3cc8fdbe2add41c26736c

SHA-1:
f8c0336dc5ab24804f4de20bcde13392d906d5c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:34:09 AM UTC  (today)

File size:
3.2 MB (3,325,840 bytes)

Product version:
1.00.0016

Original file name:
LottoSearch.exe

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\jjanglotto\lottosearch.exe

Digital Signature
Signed by:
PODCornCommunication. Co., Ltd.

Authority:
Thawte, Inc.

Valid from:
11/23/2012 7:00:00 AM

Valid to:
11/24/2013 6:59:59 AM

Subject:
CN="PODCornCommunication. Co., Ltd.", OU=IT Team, O="PODCornCommunication. Co., Ltd.", L=Sungnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6399E0A5FC1F7D0E257DEEA8F22D0BC9

File PE Metadata
Compilation timestamp:
7/16/2013 5:36:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Um6J9o+Ij/m6J9o+Ihm6J9o+ITm6J9o+IEm6J9o+I6m6J9o+Ijm6J9o+ITm6J9oQ:mUjUhUnUUUSU7UzUJUHUJUsQ/j+UP

Entry address:
0x2E48

Entry point:
68, E8, E2, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A8, A4, 06, 43, 37, D8, F7, 49, A0, BE, 1E, 8E, 78, 8E, C2, 6E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 6F, 74, 74, 6F, 53, 65, 61, 72, 63, 68, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0F, CB, 09, 6D, 8F, C2, 5F, 87, 41, A6, 3C, 2A, EA, A4, BA, 31, 98, 49, 14, 64, 67, 1B, 05, 7E, 46, 82, 1F, 2D, 0F, DC, CD, 17, BF, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
4.6223

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
2.9 MB (3,067,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
JJANGLotto

Command:
C:\Program Files\jjanglotto\lottosearch.exe


Scan LottoSearch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.