home

TEFW_Installer.exe

TEFW_Install

RaonSecure Co., Ltd.

Publisher:
Raon Secure Co. Ltd.  (signed by RaonSecure Co., Ltd.)

Product:
TEFW_Install

Description:
TouchEn nxFirewall Installer

Version:
1, 0, 0, 11

MD5:
453692837842d889ae86b320b8031af5

SHA-1:
5d19214b62bd5915702792624a8efed94dd9542e

SHA-256:
f394f14754130512cd5f9f59e968113d95bab0ff9b5610fd0676f03b29cb6af1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/30/2024 5:01:19 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Win32/DH{Z3Y1?}
2016.0.2923

File size:
9.7 MB (10,215,064 bytes)

Product version:
1, 0, 0, 11

Copyright:
Copyright(C)2013 RaonSecure Co., Ltd.

Original file name:
TEFW_Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tefw_installer.exe

Digital Signature
Signed by:
RaonSecure Co., Ltd.

Authority:
Thawte, Inc.

Valid from:
1/7/2015 9:00:00 AM

Valid to:
3/8/2016 8:59:59 AM

Subject:
CN="RaonSecure Co., Ltd.", O="RaonSecure Co., Ltd.", L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09753716CADB664FEDC42A18A610371E

File PE Metadata
Compilation timestamp:
10/30/2015 11:10:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:ma/pDb5UDPdHzxVb6QIshHuLvHV15V1swyGI6qWlGEfx8f/CUJyqrhZX:7dMxEQIOONOkxoTX

Entry address:
0x20B36

Entry point:
E8, 15, 83, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, A8, 83, 43, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 14, 51, 43, 00, C9, C2, 08, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B...
 
[+]

Entropy:
6.7724

Code size:
208 KB (212,992 bytes)

The file TEFW_Installer.exe has been seen being distributed by the following 6 URLs.

http://loan.jtchinae-bank.co.kr/resource/TouchEn/nxFw/.../TEFW_Installer.exe

http://download.meritzfire.com/TouchEn/nxFw/.../TEFW_Installer.exe

https://www.eprivacy.go.kr/TouchEn/nxFw/.../TEFW_Installer.exe

http://clean.kisa.or.kr/TouchEn/nxFw/.../TEFW_Installer.exe

https://www.myprivacy.go.kr/TouchEn/nxFw/.../TEFW_Installer.exe

http://www.myprivacy.go.kr/TouchEn/nxFw/.../TEFW_Installer.exe

Scan TEFW_Installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.