home

PhotoScape.EXE

PhotoScape

LeCheng(beijing) Technology Development Co.Ltd.

The application PhotoScape.EXE by LeCheng(beijing) Technology Development Co.Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 91.220.197.104.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
LeCheng(beijing) Technology Development Co.Ltd.  (signed and verified)

Product:
PhotoScape

Version:
1, 0, 0, 1302

MD5:
8dbf77dca01b2d32b5156b77abdf2b71

SHA-1:
d058caf9169b68515ff669d4f4f8a9876c4d407c

SHA-256:
bb5b1a92b994ab794cfbe3577a42e2931442d0fa1603193389e41b8498ecbabc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/21/2024 11:59:32 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Mobogenie (L)
16.9.27.17

File size:
399.6 KB (409,240 bytes)

Product version:
1, 0, 0, 1302

Copyright:
Copyright (C) 2005

Original file name:
PhotoScape.EXE

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\photoscape\photoscape.exe

Digital Signature
Signed by:
LeCheng(beijing) Technology Development Co.Ltd.

Authority:
VeriSign, Inc.

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=LeCheng(beijing) Technology Development Co.Ltd., OU=IT, O=LeCheng(beijing) Technology Development Co.Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09D77BAEB0E0B5305E9A26629BCF675B

File PE Metadata
Compilation timestamp:
3/5/2015 8:04:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:jw0VpgMJueHLYlpk6Z1dJ9HkkgO/rqz7zboJ035AFolJdZ:vpNrKFZLHkDOj67zboK3CFoNZ

Entry address:
0x1BE3E

Entry point:
E8, 78, C2, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 53, 8B, 5D, 0C, 66, 83, 3B, 00, 57, 8B, F8, 74, 43, 0F, B7, 08, 66, 85, C9, 74, 39, 8B, D1, 2B, C3, 8B, 4D, 0C, 66, 85, D2, 74, 19, 0F, B7, 11, 66, 85, D2, 74, 2B, 0F, B7, 1C, 08, 2B, DA, 75, 09, 83, C1, 02, 66, 39, 1C, 08, 75, E7, 66, 83, 39, 00, 74, 14, 83, C7, 02, 0F, B7, 17, 83, C0, 02, 66, 85, D2, 75, CB, 33, C0, 5F, 5B, 5D, C3, 8B, C7, EB, F8, 8B, FF, 55, 8B, EC, E8, 44, 45, 00, 00, 85, C0, 74, 07, 50, E8, FC, 46, 00, 00, 59, FF...
 
[+]

Entropy:
6.2410

Code size:
195.5 KB (200,192 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-169-165-185.ap-southeast-1.compute.amazonaws.com  (54.169.165.185:80)

TCP (HTTP):
Connects to 230.28.211.130.bc.googleusercontent.com  (130.211.28.230:80)

TCP (HTTP):
Connects to ec2-52-74-152-45.ap-southeast-1.compute.amazonaws.com  (52.74.152.45:80)

TCP (HTTP):
Connects to 91.220.197.104.bc.googleusercontent.com  (104.197.220.91:80)

TCP (HTTP):
Connects to server-54-230-216-191.mrs50.r.cloudfront.net  (54.230.216.191:80)

TCP (HTTP):
Connects to server-54-230-141-113.sfo5.r.cloudfront.net  (54.230.141.113:80)

TCP (HTTP):
Connects to server-54-192-37-35.jfk1.r.cloudfront.net  (54.192.37.35:80)

TCP (HTTP):
Connects to server-54-192-203-237.fra50.r.cloudfront.net  (54.192.203.237:80)

TCP (HTTP):
Connects to server-54-192-129-49.ams50.r.cloudfront.net  (54.192.129.49:80)

TCP (HTTP):
Connects to server-52-85-63-206.lhr50.r.cloudfront.net  (52.85.63.206:80)

TCP (HTTP):
Connects to server-52-85-133-45.iad53.r.cloudfront.net  (52.85.133.45:80)

TCP (HTTP):
Connects to server-52-84-16-88.sea32.r.cloudfront.net  (52.84.16.88:80)

TCP (HTTP):
Connects to mx-ll-110.164.16-40.static.3bb.co.th  (110.164.16.40:80)

Remove PhotoScape.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.