home

kavsetups_66_82447.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from click.am1.adm.cnzz.net and multiple other hosts.
Publisher:
Kingsoft Corporation  (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
新毒霸安装程序

Version:
2014,01,03,8367

MD5:
cc8ff25a6404a2a99af9c515850ab0d6

SHA-1:
9b1b235cf30cf848c257cb3a0199ae6be3f968c5

SHA-256:
336493f13f3b205c1ec7898a0393cfe2765305dfedf1e90366cef185be1d9d03

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 4:15:22 AM UTC  (today)

File size:
30.1 MB (31,578,608 bytes)

Product version:
9,0,141509,8367

Copyright:
Copyright (C) 1998-2014 Kingsoft Corporation

Original file name:
kpacket.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\kavsetups_66_82447.exe

Digital Signature
Signed by:
Beijing Kingsoft Security software Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
12/26/2011 8:00:00 AM

Valid to:
12/26/2014 7:59:59 AM

Subject:
CN="Beijing Kingsoft Security software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Kingsoft Security software Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07BC3A51B589E5AF43291DF84EA4C571

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
786432:BH22j0SJs237EEmAHS5lmqLKJp/R6nPzyWp/8dDfLy4WT:5Twf237Eiy+qgfQuGUdDfLzq

Entry address:
0x16DE50

Entry point:
60, BE, 00, 30, 4B, 00, 8D, BE, 00, E0, F4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.9997

Packer / compiler:
UPX 2.90LZMA]

Code size:
752 KB (770,048 bytes)

The file kavsetups_66_82447.exe has been seen being distributed by the following 9 URLs.

http://click.am1.adm.cnzz.net/click.php?m4c=3gGTT50lHsABYcynX40GQgsfFQVbGB44UlMwTUpPblBMSi5VUVNdGVlUVw1GLjlXHlkCCgNOGQwaET4gYWIZKHMOd3oXdmYXEHARDAUdUkJeMBATaGwHBD9aVlBUXlZhUEFUDgBsdhZUFA..

http://www.baidu.com/cb.php?c=IgF_pyfqPWbzPjDzrfKYTjYk0A7b5H63nHcsn0KbuHY3njbkn1R0TAq15Hm1nWnYr0K15H79PAmYPhuBuAP9ujD1uyR0uZfqnHfsnWfkrH03PfKdThsqpZwYTjCEQvf8Iy4GUv38pyGGUMPCmy38mvqVQvwdmhDEUA-8pzqhuy-QfNuHwNwNR7PxPWuxn10zrjD8ug9-0ZFb5HD40AFV5H00TZcqn0KdpyfqnHf4nWcsn6KEpyfqPj0YrfKWpyfqPjRzr0KEIv3qn164rfKWThnqnWmknHm

http://www.baidu.com/cb.php?c=IgF_pyfqnHRznWbkrH00IZ0qnfK9ujYkPWc4PHns0Aw-5HDLnWcsnWT0TAq15HDsPj6LPWb0T1d9nAfknym1nHD3PW-WrHm40AwY5HDYn1RsPW01nW60IgF_5y9YIZ0lQzqbQMN8pyq8Qh-Jpy41pA78QhPEUiqbIyF9QvkGUh_Eph-9iY7yRYNRNNKHg1mvg1mvrjR3QhN3ufKzujYL0AFV5H00TZcqn0KdpyfqPWDLrHcLnfKEpyfqnW0zrjnz0APGujYYnHDvPjf0ULI85HD4nHb3P6KWThnqPWfzPWD

http://www.baidu.com/cb.php?c=IgF_pyfqPWb4PjnYn0KYTjYk0A7b5HbYrjczPsKbuHY3P1c4PWm0TAq15HmLnjDvn0K15H0Ymv7hPHTvPW6zryfzmWD0uZfqnHfsPHTYnWfdnfKdThsqpZwYTjCEQvC8Iy4GUv38pyGGUMPCmy38mvqVQvGdUg08TA9s5LNxpvN45HnsPWndPsKzujYv0AFV5H00TZcqn0KdpyfqPWDLrHcLnfKEpyfqnW0zrjnz0APGujYzrjm3PjT0ULI85HD4nHb3P6KWThnqPj0YPs

http://j.union.ijinshan.com/jump.php?u_key=208334

http://j.union.ijinshan.com/jump.php?u_key=372013

http://j.union.ijinshan.com/jump.php?u_key=289737

http://d.union.ijinshan.com/duba/.../KAVSETUPS_66_7477.exe

http://www.baidu.com/cb.php?c=IgF_pyfqnHRznWbkrH00IZ0qnfK9ujYkPW63rH640Aw-5HDLnWcsnH60TAq15HDsPj6LPW60T1Y3PHcvn10YnWKbPjT4rHuW0AwY5HDYn1mkPH64P1T0IgF_5y9YIZ0lQzqbQMN8pyq8Qh-Jpy41pA78QhPEUiqbIyF9QvkGUh_Eph-9iY7yRYNRNNKHg1mvg1mvrjR3QhN3ufKzujY4rHb0mhYqn0KsTWYs0ZNGujYvnHT4nWTk0AqGujYznjc3n1c0mv-b5HfknHmYP0KEIv3qnHbkrH6v0APzm1Y1rHb4P0

Scan kavsetups_66_82447.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.