home

KHost.exe

Delivery Manager

Kontiki, Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘kdx’.
Publisher:
Kontiki Inc.  (signed by Kontiki, Inc)

Product:
Delivery Manager

Version:
5.41.810.070

MD5:
4fdd1a1ba807f6b689b0fb8479d739be

SHA-1:
8691c869006734612c8f4ae92378536c06aa0b08

SHA-256:
b204e6bada4863208e3939b1dc0db2b48ad788f6078f1821f0e98296ec24a9a1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/18/2024 11:24:50 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Startup.Kontiki.F
188163

File size:
1.6 MB (1,660,456 bytes)

Product version:
5.41.810.070

Copyright:
Copyright 2001-2008 Kontiki, Inc.

Original file name:
KHost.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\kontiki\khost.exe

Digital Signature
Signed by:
Kontiki, Inc

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/5/2008 9:00:00 PM

Valid to:
6/6/2009 8:59:59 PM

Subject:
CN="Kontiki, Inc", OU=Secure Application Development, O="Kontiki, Inc", L=Mountain View, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
58408973AEC69DFAA9F3913E683B0822

File PE Metadata
Compilation timestamp:
10/7/2008 11:41:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:fId66G/kL3wPz5+MooWt2wylw+/5TQ4VQvAhU6x:fI86G/kLgE4UOl3EAhV

Entry address:
0xFA91D

Entry point:
6A, 60, 68, E0, 4C, 55, 00, E8, F7, D1, FF, FF, BF, 94, 00, 00, 00, 8B, C7, E8, 7B, E6, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E8, D2, 52, 00, 8B, 4E, 10, 89, 0D, F0, FA, 58, 00, 8B, 46, 04, A3, FC, FA, 58, 00, 8B, 56, 08, 89, 15, 00, FB, 58, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, F4, FA, 58, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, F4, FA, 58, 00, C1, E0, 08, 03, C2, A3, F8, FA, 58, 00, 33, F6, 56, 8B, 3D, 80, D3, 52, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
6.6283

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.2 MB (1,228,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
kdx

Command:
C:\Program Files\kontiki\khost.exe -all


The file KHost.exe has been discovered within the following program.

Avanade Quickload Delivery Manager  by VeriSign, Inc.
About 3% of users remove it
 
Powered by Should I Remove It?

Scan KHost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.