» KLPassRecSetup.exe
Overview
Analysis
File Details

KLPassRecSetup.exe

KRyLack Archive Password Recovery

Serhiy Horobets

The application KLPassRecSetup.exe by Serhiy Horobets has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

KLPassRecSetup.exe

Publisher:

KRyLack Software (signed by Serhiy Horobets)

Product:

KRyLack Archive Password Recovery

Version:

3.41.54

MD5:

e6ccba6a531532cb9c8726b3fb0f9e72

SHA-1:

5b121bbb460a60fed603e60c40d787c4b065707e

SHA-256:

b18b4e264c1f425f9ee5280f2f83ef824c453bf5165519e7edfb668a872daaec

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/26/2024 4:20:22 AM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

Heur.Suspicious

12134

Dr.Web

Trojan.DownLoader6.12

9.0.1.036

ESET NOD32

Win32/InstallMonetizer.AH potentially unwanted application

7.0.302.0

VIPRE Antivirus

Threat.4371328

46842

File size:

3.7 MB (3,904,336 bytes)

Product version:

3.41.54

Original file name:

KLPassRecSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\klpassrecsetup.exe

Digital Signature

Signed by:

Serhiy Horobets

Authority:

The USERTRUST Network

Valid from:

1/17/2010 7:00:00 PM

Valid to:

1/18/2012 6:59:59 PM

Subject:

CN=Serhiy Horobets, O=Serhiy Horobets, STREET=Sechenova st. 7a - 38, L=Kiev, S=Kiev, PostalCode=03127, C=UA

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

30E688418A082C86081E5701459AFF52

File PE Metadata

Compilation timestamp:

9/19/2011 9:48:16 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

98304:Y0vZnVTi2iQQY7XIuWUSyudSO77E2Knx+okiu40ZjD:aQXX/vSyudhE9ookrj/

Entry address:

0x2B574

Entry point:

55, 8B, EC, 83, EC, 44, 56, 57, FF, 15, 60, D1, 42, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, EB, 7C, E8, 21, FD, FF, FF, 8A, 06, 3C, 22, 8B, 3D, C4, D3, 42, 00, 75, 15, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 1E, 84, C0, 75, F1, 3C, 22, 75, 1B, EB, 14, 3C, 20, 7E, 15, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, EB, 09, 3C, 20, 7F, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 98, D1, 42, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00... 
[+]

Entropy:

7.8004

Developed / compiled with:

Microsoft Visual C++

Code size:

175 KB (179,200 bytes)

Remove KLPassRecSetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.