home

kl.exe

Supersoft

The application kl.exe by Supersoft has been detected as adware by 3 anti-malware scanners. The file has been seen being downloaded from emeraldhospitality.com.
Publisher:
Supersoft  (signed and verified)

MD5:
c3179b3bc2369aa853111d71206e4ed6

SHA-1:
457729f259e582cc3b527559a00befbda688a6e7

SHA-256:
b21c877338328a274c2e204685e2773b49fe3d00ded644fb8d6c6da8dd3e126c

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/24/2024 5:44:57 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
Spyware.Password
v2014.07.02.05

McAfee
PWSZbot-FXD!C3179B3BC236
5600.7082

Reason Heuristics
PUP.Supersoft.C
14.7.27.14

File size:
392.7 KB (402,152 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\kl.exe

Digital Signature
Signed by:
Supersoft

Authority:
Supersoft

Valid from:
9/30/2012 9:26:38 AM

Valid to:
12/31/2039 11:59:59 PM

Subject:
CN=Supersoft

Issuer:
CN=Supersoft

Serial number:
6B50254A40C7CFB14A405056B8F04272

File PE Metadata
Compilation timestamp:
7/1/2014 8:37:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:AwtHvt1RHUT+l2VzBK/e6m/pfLpJfIcrsgPbIF:XKFDee6ifW4EF

Entry address:
0x6251E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.2117

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
385.5 KB (394,752 bytes)

The file kl.exe has been seen being distributed by the following URL.

http://emeraldhospitality.com/OLD/.../kl.exe

Remove kl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.