kedvgkhk.exe

The executable kedvgkhk.exe has been detected as malware by 22 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the display name 'hwhfwgxt'. According to AVG, this software downloads additional adware offers during setup.
Version:


MD5:
eb591655c71ae79546edd39af5b837d3

SHA-1:
32d4f7df9d9adf9026130eb18e99e5efb08ba040

SHA-256:
f239b6a60dec9dd0f938a0c014079e9f07c6c2d37f9d569c5c9088dcdf9813c9

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/27/2024 1:38:26 AM UTC

Scan engine                     Detection                          Engine version
Lavasoft Ad-Aware               Trojan.Agent.BGEA                  835
AegisLab AV Signature           Troj.W32.Gen                       2.1.4+
Avira AntiVirus                 TR/Kuluoz.A.290                    7.11.180.154
avast!                          Win32:Malware-gen                  141003-0
AVG                             Downloader.Generic14               2015.0.3313
Bitdefender                     Trojan.Agent.BGEA                  1.0.20.1475
Dr.Web                          BackDoor.Kuluoz.4                  9.0.1.05190
Emsisoft Anti-Malware           Trojan.Agent.BGEA                  8.14.10.22.06
ESET NOD32                      Win32/TrojanDownloader.Zortob      8.10604
F-Secure                        Trojan.Agent.BGEA                  11.2014-22-10_4
G Data                          Trojan.Agent.BGEA                  14.10.24
Kaspersky                       Net-Worm.Win32.Aspxor              15.0.0.494
McAfee                          Packed-BZ!EB591655C71A             5600.6969
Microsoft Security Essentials   Threat.Undefined                   1.187.228.0
MicroWorld eScan                Trojan.Agent.BGEA                  15.0.0.885
NANO AntiVirus                  Trojan.Win32.Aspxor.dgyhwc         0.28.2.62841
Norman                          Kuluoz.EP                          11.20141022
nProtect                        Trojan.Agent.BGEA                  14.10.22.01
Qihoo 360 Security              Malware.QVM10.Gen                  1.0.0.1015
Rising Antivirus                PE:Malware.FakeDOC@CV!1.9C3C       23.00.65.141020
Sophos                          Troj/Weelsof-IR                    4.98
Vba32 AntiVirus                 BScope.Trojan-Dropper.8612         3.12.26.3

File size:
168 KB (172,032 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\kedvgkhk.exe

File PE Metadata
Compilation timestamp:
10/19/2014 10:24:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:1PcpR7Do63xuJtqk1pqaGiIjjhRpMUY7A0djmUqQeqHG41y:s7c63xuXqUqaGixA+G4k

Entry address:
0x2E69

Entry point:
E8, AE, 2D, 00, 00, E9, 1F, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3A, 2E, 00, 00, C7, 06, 40, 82, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 40, 82, 41, 00, E9, 69, 2F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 40, 82, 41, 00, E8, 56, 2F, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B6, 30, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 64, 2E, 00, 00, C7, 06, 40, 82, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D...

Entropy:
6.7092

Code size:
92 KB (94,208 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
hwhfwgxt

Command:
"C:\users\{user}\appdata\local\kedvgkhk.exe"
Remove kedvgkhk.exe - Powered by Reason Core Security