ki.exe

Laroste Apps

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application ki.exe (“HQ-Quality-v1.6V27.09 exe”) by Laroste Apps has been detected as adware by 17 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
HQ-Quality-v1.6V27.09  (signed by Laroste Apps)

Product:
HQ-Quality-v1.6V27.09

Description:
HQ-Quality-v1.6V27.09 exe

Version:
1000.1000.1000.1000

MD5:
24093ade42cf64709b9462a534620c42

SHA-1:
30969947433d3beb670550fe57303d6f1a9576d4

SHA-256:
6658a1cafef1e3d65e2312c433e90802c64e21bd0207de538484010ab05a0f6d

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers. Distributed through the Brightcircle investments brand.

Analysis date:
4/27/2024 4:15:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Solimba | 2014.10.05 |
| Avira AntiVirus | Adware/CrossRider.pq | 7.11.174.250 |
| AVG | Generic | 2015.0.3337 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141210 |
| Dr.Web | Trojan.Crossrider.31451 | 9.0.1.0274 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AV (variant) | 8.10511 |
| F-Prot | W32/A-9e906728 | v6.4.7.1.166 |
| G Data | Win32.Adware.Crossrider | 14.10.24 |
| herdProtect (fuzzy) | | 2014.12.10.11 |
| K7 AntiVirus | Unwanted-Program | 13.183.13504 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.3170 |
| Malwarebytes | PUP.Optional.SmartSaver.A | v2014.09.29.07 |
| McAfee | Artemis!0D2B107D6350 | 5600.6921 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.29.07 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Task.LarosteApps.C | 14.10.1.11 |
| VIPRE Antivirus | Crossrider | 33662 |

File size:
1.4 MB (1,506,200 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQ-Quality-v1.6V27.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\ki.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/28/2014 1:00:00 AM

Valid to:
8/29/2015 12:59:59 AM

Subject:
CN=Laroste Apps, O=Laroste Apps, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009EFC01D81F792E8B74E2AA245D97A66B

File PE Metadata
Compilation timestamp:
9/26/2014 8:34:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:KArWYAWkyvfQSseZxDY1/sEDcwqtxmYN1rgqFKvlFTPPrG6D3QC8pStDTWFkX8:KAhzv49AY++cwkRZ0vD++3QC8pStDTc

Entry address:
0xEC510

Entry point:
E8, C1, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, F4, 01, 01, 00, 3B, 30, 7C, 07, E8, EB, 01, 01, 00, 8B, 30, E8, DE, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 34, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 30, EF, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 30, EF, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 3D, EE...
Entropy:
6.6111

Code size:
1.1 MB (1,129,984 bytes)

Scheduled Task
Task name:
KI

Trigger:
Logon (Runs on logon)