home

killprocess.exe

Accenture

Publisher:
Accenture  (signed and verified)

MD5:
4da31dd331061a9e2c20b0600a5bc992

SHA-1:
df8fed0e74af4537fa77702e8aee7204468483b5

SHA-256:
12cbe17b72c3ef8370a219ef7832f41b34ca1c5df2033b3d41c6f65e9a1a127d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 12:29:08 AM UTC  (today)

File size:
20.4 KB (20,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pchc\install\killprocess.exe

Digital Signature
Signed by:
Accenture

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/1/2009 5:00:00 PM

Valid to:
2/2/2011 4:59:59 PM

Subject:
CN=Accenture, OU=External, O=Accenture, L=Chicago, S=Illinois, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
10AE984DA23375E31347BB387DBF8038

File PE Metadata
Compilation timestamp:
4/9/2006 2:46:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
192:f82yFo5GLrdTr1pms3E5/MLGqGNoynv64Y20ttMh8P57wWOeyowJL/9h:02yYIr5JAeE5/MLGqmo/tt8UYJL9h

Entry address:
0x1654

Entry point:
55, 8B, EC, 6A, FF, 68, 98, 20, 40, 00, 68, 90, 17, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 74, 20, 40, 00, 59, 83, 0D, D0, 33, 40, 00, FF, 83, 0D, D4, 33, 40, 00, FF, FF, 15, 64, 20, 40, 00, 8B, 0D, CC, 33, 40, 00, 89, 08, FF, 15, 70, 20, 40, 00, 8B, 0D, C8, 33, 40, 00, 89, 08, A1, 6C, 20, 40, 00, 8B, 00, A3, D8, 33, 40, 00, E8, C3, 00, 00, 00, 83, 3D, B0, 33, 40, 00, 00, 75, 0C, 68, 82, 17, 40, 00, FF, 15, 68, 20...
 
[+]

Entropy:
3.6348

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file killprocess.exe has been seen being distributed by the following 3 URLs.

https://test.centurylinkrc.com/Home/Tools/PCHC/.../KillProcess.exe

https://centurylinkrc.com/Home/Tools/PCHC/.../KillProcess.exe

https://www.centurylinkrc.com/Home/Tools/PCHC/.../KillProcess.exe

Scan killprocess.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.