kaspersy world.exe

Kaspersky World

Slipknot Corp.

The executable kaspersy world.exe has been detected as malware by 26 anti-virus scanners. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.

Publisher: Slipknot Corp.
Product: Kaspersky World
Version: 1.3.21.0
MD5: 9ddce0ee5760fd55858da9a4fc54b52a
SHA-1: dafc5268968cde9b966db6e5354104de050c7d9f
SHA-256: 8d0b3f609df92cc0a71c68ad981d0ea8c283af6f9a863a92e194c1d044df7899
Scanner detections: 26 / 68
Status: Malware
Analysis date: 4/26/2024 5:32:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2486312 | 585
Agnitum Outpost | Trojan.Agent | 7.1.1
Avira AntiVirus | TR/Crypt.ULPM.Gen | 8.3.1.6
Arcabit | Trojan.Generic.D25F028 | 1.0.0.425
avast! | Win32:Virtualizer [Cryp] | 2014.9-150630
AVG | Generic15 | 2016.0.3063
Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.15630
Bitdefender | Trojan.GenericKD.2486312 | 1.0.20.905
Emsisoft Anti-Malware | Trojan.GenericKD.2486312 | 8.15.06.30.03
ESET NOD32 | Generik.EQCDVHY (variant) | 9.11807
Fortinet FortiGate | W32/Generik.EQCDVHY!tr | 6/30/2015
F-Secure | Trojan.GenericKD.2486312 | 11.2015-30-06_3
G Data | Trojan.GenericKD.2486312 | 15.6.25
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.5.0
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1809
Malwarebytes | Trojan.Agent.CK | v2015.06.30.03
McAfee | Artemis!9DDCE0EE5760 | 5600.6719
MicroWorld eScan | Trojan.GenericKD.2486312 | 16.0.0.543
nProtect | Trojan.GenericKD.2486312 | 15.06.18.01
Panda Antivirus | Trj/Chgt.O | 15.06.30.03
Qihoo 360 Security | HEUR/QVM11.1.Malware.Gen | 1.0.0.1015
Quick Heal | Trojan.Bumat.r4 | 6.15.14.00
Rising Antivirus | PE:Packer.Win32.VmpPacker.a!1356661 | 23.00.65.15628
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R047B01FD15 | 7.2.181
VIPRE Antivirus | Trojan.Win32.Generic | 41246

File size: 1.3 MB (1,331,712 bytes)
Product version: 1.3
Copyright: © Slipknot Corp. 2008-2015
Original file name: KW.exe
File type: Executable application (Win32 EXE)
Language: English (United Kingdom)

File PE Metadata

Compilation timestamp: 6/12/2015 4:44:18 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 24576:0owWlRkcOv54k8kRWZFLOoigd7dvAA2FXTZSUjwndIG4gYadvl/Ffns7QJcHyB:hKcS4vJFLOoPldvAAedD8nOJadvPfmv8
Entry address: 0x40C5C0
Entry point: 60, BE, 00, D0, 6C, 00, 8D, BE, 00, 40, D3, FF, C7, 87, 38, FC, 2E, 00, F7, EA, 3D, E8, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
Entropy: 7.9058
Packer / compiler: UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub
Code size: 1.3 MB (1,310,720 bytes)

The running executable has been observed making the following network connection in live environments.

TCP (HTTP): Connects to dev.ucoz.net (193.109.247.250:80)
