knsd1814.tmp

The file knsd1814.tmp has been detected as a potentially unwanted program by 11 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Dual Core Text”.
MD5: d51ed91673afe23a199ad9c2e398ec9d
SHA-1: d43aa0d049e493314e21494dd081036b5b61a4aa
SHA-256: 86f90118b9045aec5a6a33b4a7660121adbfb63d10677bb72468ecb29eb7b586
Scanner detections: 11 / 68
Status: Potentially unwanted
Analysis date: 4/20/2024 4:08:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.ConvertAd.17 | 431 |
| Avira AntiVirus | ADWARE/ConvertAd.Gen7 | 8.3.2.4 |
| Arcabit | Trojan.ConvertAd.17 | 1.0.0.627 |
| Bitdefender | Gen:Variant.ConvertAd.17 | 1.0.20.1675 |
| Emsisoft Anti-Malware | Gen:Variant.ConvertAd.17 | 10.0.0.5366 |
| ESET NOD32 | Win32/Adware.ConvertAd.ACN application | 7.0.302.0 |
| F-Secure | Gen:Variant.ConvertAd.17 | 5.15.21 |
| G Data | Gen:Variant.ConvertAd.17 | 15.12.25 |
| MicroWorld eScan | Gen:Variant.ConvertAd.17 | 16.0.0.1005 |
| Norman | Gen:Variant.ConvertAd.17 | 07.10.2015 03:16:12 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |

File size: 299 KB (306,176 bytes)
Common path: C:\Program Files\5ac6db00-1431484855-1012-b6d6-d934b2451577\knsd1814.tmp

File PE Metadata
Compilation timestamp: 11/30/2015 10:05:24 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 6144:ARaX/TFUb3ijwI5bapOVK8gaNVFTG5JcF:AR0/TFUb3ihbap6K8gawcF
Entry address: 0x23DE8

Entry point:
E8, 12, 8F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, B5, EE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, A0, 78, 44, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 54, 90, 43, 00...
 

Entropy: 6.4019
Code size: 223 KB (228,352 bytes)

Service
Display name: Dual Core Text
Service name: gowuxewe
Description: Flat Panel Monitor Laptop Computer
Type: Win32OwnProcess

