k-lite-codec-pack-full-910-baixaki-32-bits.exe

NO ZEBRA NETWORK LTDA

The application k-lite-codec-pack-full-910-baixaki-32-bits.exe by NO ZEBRA NETWORK LTDA has been detected as adware by 10 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from dl.baixaki.com.br.

Publisher:
NO ZEBRA NETWORK LTDA (signed and verified)

MD5:
e957ac1b98c120781cfb455fcb17d3e6

SHA-1:
ca0858faaecf656edf6710634e5ee0de3427febf

SHA-256:
55e835376647ae2ad75c305917217c817e3dd361f813334bed389f2602f74d19

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 10:07:33 PM UTC

Scan engine             Detection                        Engine version
Avira AntiVirus         Adware/Installco.AB              7.11.97.100
avast!                  Win32:Delf-SUD [PUP]             2014.9-140903
Dr.Web                  Adware.InstallCore.59            9.0.1.0246
ESET NOD32              Win32/InstallCore.AL (variant)   8.8706
F-Prot                  W32/InstallCore.G.gen            v6.4.7.1.166
Reason Heuristics       PUP.NOZEBRANETWORKA.k            14.9.3.15
Trend Micro House Call  TROJ_GEN.RCBH1BP                 7.2.246
VIPRE Antivirus         InstallCore                      20692

File size:
1 MB (1,090,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\k-lite-codec-pack-full-910-baixaki-32-bits.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/30/2012 9:00:00 PM

Valid to:
7/31/2013 8:59:59 PM

Subject:
CN=NO ZEBRA NETWORK LTDA, O=NO ZEBRA NETWORK LTDA, STREET=R PASTEUR 463, L=BATEL CURITIBA, S=PARANA, PostalCode=80250080, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
26556D2FFBCEFA88C86C73FAA9F72A54

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:kcUx0rwjb/gSTm2bORdGpSXgVxTXCOu+bOsFVw7k0:kcUxewYSTrodGp5Vk4FVwI

Entry address:
0xCB8D0

Entry point:
55, 8B, EC, 83, C4, F0, B8, D0, F2, 41, 00, E8, EA, E4, FF, FF, 1D, E4, 75, 46, 00, EB, 51, 8B, 3B, 8B, 73, 08, 3B, EE, 77, 46, 8B, C6, 03, 43, 0C, 3B, 44, 24, 10, 77, 3B, 3B, 74, 24, 08, 73, 04, 89, 74, 24, 08, 8B, C6, 03, 43, 0C, 3B, 44, 24, 0C, 76, 04, 89, 44, 24, 0C, 68, 00, 80, 00, 00, 6A, 00, 56, E8, EF, FC, FF, FF, 85, C0, 75, 0A, C7, 05, C0, 75, 46, 00, 01, 00, 00, 00, 8B, C3, E8, 8A, FD, FF, FF, 8B, DF, 81, FB, E4, 75, 46, 00, 75, A7, 8B, 44, 24, 04, 33, D2, 89, 10, 83, 7C, 24, 0C, 00, 74, 19, 8B...
 
Entropy:
6.9662

Developed / compiled with:
Microsoft Visual C++

Code size:
829.5 KB (849,408 bytes)

The file k-lite-codec-pack-full-910-baixaki-32-bits.exe has been seen being distributed by the following URL.