home

keywordpop_biza.exe

doubleup communication

The executable keywordpop_biza.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
doubleup communication  (signed and verified)

MD5:
f7c9fc0719a203f4389d9865af023ddc

SHA-1:
619d63431c585865d8f5ed6ccc88d02bb4af01b0

SHA-256:
0dcda375b77733a3b5e8b5ffe1b9618b5b49bdcc37ab69c2e0af0613ec9d3878

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 10:50:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.19.1

File size:
1.3 MB (1,317,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\keywordpop_biza.exe

Digital Signature
Signed by:
doubleup communication

Authority:
Thawte, Inc.

Valid from:
6/22/2012 9:00:00 AM

Valid to:
6/23/2014 8:59:59 AM

Subject:
CN=doubleup communication, O=doubleup communication, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
490A43CF38FBAF6F6DC69F740D5F8E01

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:u1F45lyQS1JQeh498B1nGFpbeCYZ/c1ix/T1EfKuKmKNc:W62QeKbKrOu7Osc

Entry address:
0xEECF4

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, EC, 89, 45, E8, B8, 5C, E7, 4E, 00, E8, 6F, 7D, F1, FF, 33, C0, 55, 68, B3, ED, 4E, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, A1, D0, 6B, 4F, 00, 8B, 00, E8, FA, 61, FC, FF, 8B, 45, E8, 8D, 55, EC, E8, 8B, CD, F1, FF, 8B, 45, EC, E8, 9F, 5F, F1, FF, 50, 6A, FF, 6A, 00, E8, C5, 7F, F1, FF, 8B, D8, E8, 4E, 81, F1, FF, 3D, B7, 00, 00, 00, 75, 08, 53, E8, 09, 83, F1, FF, EB, 3B, A1, D0, 6B, 4F, 00, 8B, 00, E8, 13, 5B, FC, FF, 8B, 0D, FC, 66, 4F, 00, A1, D0, 6B, 4F, 00...
 
[+]

Entropy:
6.8507

Developed / compiled with:
Microsoft Visual C++

Code size:
951.5 KB (974,336 bytes)

Remove keywordpop_biza.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.