home

ks20_drivers.exe

InstallShield

InstallShield Software Corporation

This is a setup and installation application. The file has been seen being downloaded from octopusbox.com.
Publisher:
InstallShield Software Corporation

Product:
InstallShield (R)

Description:
Setup.exe

Version:
10.0.159

MD5:
103a2356882c189bdeac4692bcc7ce67

SHA-1:
42441e774cce20976ba91c9ed8bbeef83f2f8fd8

SHA-256:
8777957e7048b813c6fa3c7c82513bb327085d8f785f628e134d83547b4aad79

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:20:29 AM UTC  (today)

File size:
1.7 MB (1,791,613 bytes)

Product version:
10.0

Copyright:
Copyright (C) 2004 InstallShield Software Corp.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ks20_drivers.exe

File PE Metadata
Compilation timestamp:
4/19/2004 1:44:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Gtxh9twwXHVQYwU8WAykL1691/HLDCmEm670Lqtx7GxSlXEi/U5fwheAbhfBx:GhHHVqVyM1S/HLmxoqqxpvwMy

Entry address:
0xC7F8

Entry point:
87, C0, 0F, BF, D1, 85, D8, 74, 0B, FE, C8, F7, C6, 16, 73, 94, 8B, C6, C7, DD, BA, 71, A3, 82, F8, 03, C6, F2, 2A, EC, BA, 29, 09, 5D, 97, 03, EF, 03, C7, 05, 32, 7F, FD, 6D, 0F, AF, FA, BD, 36, E7, 2F, 96, FF, CF, F2, E8, 19, 00, 00, 00, B3, 17, 87, D7, 88, F0, 85, CB, 84, E2, 2B, DF, 81, F6, D6, 63, 00, 00, 73, 05, F6, C0, B8, 8A, FC, FE, C6, 8D, 2D, A1, 71, 21, 4E, 0D, FA, B8, E2, 38, 80, D8, AC, F7, C1, 3A, A0, 2C, 9B, 0F, AF, C1, 86, C6, 2B, DB, EB, 05, 33, C2, C6, C4, 48, 0A, F7, 69, CD, 3B, D2, FC...
 
[+]

Code size:
64.5 KB (66,048 bytes)

The file ks20_drivers.exe has been seen being distributed by the following URL.

http://octopusbox.com/files/.../KS20_drivers.exe

Scan ks20_drivers.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.