kmp.exe

Softonic Downloader

Korea Network Technology Co., Ltd

The application kmp.exe by Korea Network Technology Co. has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Softonic Downloader installer.
Publisher:
Softonic  (signed by Korea Network Technology Co., Ltd)

Product:
Softonic Downloader

Version:
1, 32, 4, 0

MD5:
ccd8bea487da0327af830ce702d459d7

SHA-1:
72a86983b945d1f4ad011464a78abae4a6a35a27

SHA-256:
bc7f9a4840e54809630990fd817af895ee945d9e14e9c51712ad7df7d949bdc9

Scanner detections:
40 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 9:52:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140514 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | Application.Win32.Agent.SOFD | 18263 |
| Dr.Web | Adware.Downware.353 | 9.0.1.0134 |
| ESET NOD32 | Win32/SoftonicDownloader (variant) | 8.9791 |
| Fortinet FortiGate | Riskware/Softonicdownloader | 5/14/2014 |
| Malwarebytes | PUP.Optional.Softonic.A | v2014.05.14.12 |
| McAfee | RDN/Generic Downloader.x!kc | 5600.7131 |
| nProtect | Trojan/W32.KRFakeKMP.365248 | 14.05.12.01 |
| Panda Antivirus | Trj/CI.A | 14.05.14.12 |
| Reason Heuristics | Bundler.SoftonicDownloader.KoreaNetworkTechnologyCo.D | 14.11.21.23 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNV.03DF14 | 7.2.134 |
| Trend Micro | TROJ_SPNV.03DF14 | 10.465.14 |
| VIPRE Antivirus | Softonic Downloader | 29154 |

File size:
356.7 KB (365,248 bytes)

Product version:
1, 32, 4, 0

Copyright:
Copyright (C) 2011

Original file name:
SoftonicDownloader.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softonic Downloader

Language:
Spanish (Spain, International Sort)

Common path:
C:\Program Files\kmp.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/3/2013 3:30:00 AM

Valid to:
12/3/2014 3:29:59 AM

Subject:
CN="Korea Network Technology Co., Ltd", O="Korea Network Technology Co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AB67B7C76D88A5693C0C48E34DA770B

File PE Metadata
Compilation timestamp:
6/28/2012 2:12:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:mTUpZdELvLMHcMJPck/kCWs5SP4s7CfyYTkqBt6nzn95RgnraTuX+UYykB2IaRw:mTwEMHNP/R5E4vypUGz95IYuXLYykZ

Entry address:
0x1000

Entry point:
B8, 1C, 89, 4F, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 73, C6, A5, 04, 5B, 9A, 81, 4D, 4F, 95, 65, 49, 36, 6C, 84, 05, 09, 91, 2E, 5D, FC, AC, B8, 0D, 54, 16, 48, C9, 93, 87, 71, 96, 1A, 4E, C4, FC, C2, C4, 65, 56, E3, 55, A1, F6, 1A, DB, 48, 0C, CF, F2, 8A, 27, 64, B4, A9, 70, C6, CA, 41, 1B, 3E, DE, 7F, 75, 50, 21, 46, F5, 5B, 71, 33, E5, 39, 4C, 1F, 3A, A4, 74, 0D, 38, C4, DD, 83, C0, 33, 93, 29, E1, DD, 54, 0C, CC, FC...

Entropy:
7.9646

Packer / compiler:
PECompact v2

Code size:
716.5 KB (733,696 bytes)
