» KP_5.EXE
Overview
Analysis
File Details
Behaviors (1)

KP_5.EXE

KP_5 应用程序

Chongqing QuWan Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘kuping5’.

File name:

KP_5.EXE

Publisher:

Chongqing QuWan Technology Co., Ltd. (signed and verified)

Product:

KP_5 应用程序

Description:

酷屏5 主程序

Version:

5, 0, 1, 9

MD5:

ff498911f13af73e0646ca93d50a9fa6

SHA-1:

6fab7b59ac338e23286dc376f4037e0a245097c4

SHA-256:

e2d2d10700ca5551ea8d65e718ad851773414daa178c9490a919b7ffb09b91cb

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/16/2024 9:49:58 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Weiduan.14

9.0.1.05190

File size:

2.9 MB (3,009,976 bytes)

Product version:

5, 0, 1, 9

Original file name:

KP_5.EXE

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Common path:

C:\Program Files\kuping5\kp_5.exe

Digital Signature

Signed by:

Chongqing QuWan Technology Co., Ltd.

Authority:

WoSign CA Limited

Valid from:

2/19/2014 5:04:27 PM

Valid to:

2/19/2015 5:04:27 PM

Subject:

CN="Chongqing QuWan Technology Co., Ltd.", E=69650343@qq.com, O="Chongqing QuWan Technology Co., Ltd.", L=Chongqing, S=Chongqing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

27E41047825795855F19CC7565E51E9E

File PE Metadata

Compilation timestamp:

1/22/2015 3:02:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:j+TGeem1nmIQjhFgOArOiriJZL18Lds9bpvT6WuhzKlV/hv/Pfv/PfIY4UC7vDl+:2dZoZLoot6WWKlV/hv/Pfv/PfIY4UiR8

Entry address:

0xACD54

Entry point:

55, 8B, EC, 6A, FF, 68, 58, E8, 68, 00, 68, B2, CE, 4A, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 30, C8, 68, 00, 59, 83, 0D, F0, 40, 6D, 00, FF, 83, 0D, F4, 40, 6D, 00, FF, FF, 15, 34, C8, 68, 00, 8B, 0D, 3C, 36, 6D, 00, 89, 08, FF, 15, 38, C8, 68, 00, 8B, 0D, 38, 36, 6D, 00, 89, 08, A1, 3C, C8, 68, 00, 8B, 00, A3, EC, 40, 6D, 00, E8, 28, 01, 00, 00, 39, 1D, 18, 9C, 6C, 00, 75, 0C, 68, E8, CE, 4A, 00, FF, 15, 40, C8... 
[+]

Entropy:

6.4124

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

2.5 MB (2,666,496 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

kuping5

Command:

C:\Program Files\kuping5\kp_5.exe \start

Scan KP_5.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.