sirius.20.13.rev.installer.exe

Ymir Entertainment Co., Ltd

This is a setup and installation application. The file has been observed being downloaded from www.siriusmt2.com and multiple other hosts.

Publisher:
SiriusMT2  (signed by Ymir Entertainment Co., Ltd)

Product:
SiriusMT2

Description:
Client_Downloader

Version:
1.0.0.0

MD5:
7208273ff425577a68ddb21f7e8b7b0a

SHA-1:
b66c917d6db8f7f0cdff1e68a9cf6d5967882e3d

SHA-256:
20b79709c650872aa122b08b51e9f7115278c845f00340638b17c8e3fa066010

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 10:58:18 PM UTC

Scan engine:
Trend Micro House Call

Detection:
Suspicious_GEN.F47V0729

Engine version:
7.2.280

File size:
816.5 KB (836,112 bytes)

Product version:
1.0.0.0

Copyright:
Copyright ©SiriusMT2 2013

Original file name:
Client_Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\sirius.20.13.rev.installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/6/2012 2:00:00 AM

Valid to:
8/6/2014 1:59:59 AM

Subject:
CN="Ymir Entertainment Co., Ltd", O="Ymir Entertainment Co., Ltd", L=GyangNam-Gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
40DB0889DC1AE4DCB8A753D60220CAB8

File PE Metadata
Compilation timestamp:
6/20/2014 9:41:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:StMGg+ibO5oFkr6dn+9XV6t73v53yyubqRmzZU9PRhex0hHYDPboNEI4Up/aH2qg:BNBn+y7BCzqmzcPHYzboNShztI8ul

Entry address:
0xC5FBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A9, E5, A3, 53, 00, 00, 00, 00, 02, 00, 00, 00, 62, 00, 00, 00, 1C, 60, 0C, 00, 1C, 44, 0C, 00, 52, 53, 44, 53, B7, 8E, BA, 2C, 7E, E8, 69, 41, 9F, B0, B2, 83, 32, DF, 42, 4E, 01, 00, 00, 00, 44, 3A, 5C, 63, 6C, 69, 65, 6E, 74, 69...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
784 KB (802,816 bytes)

The file sirius.20.13.rev.installer.exe has been seen being distributed by the following 2 URLs.

Scan sirius.20.13.rev.installer.exe - Powered by Reason Core Security