kth_opensearchsetup.exe

KTH Open Address Bar Service (KTH 열린 주소창 서비스) VER 2.0

HOW SOFT

The application kth_opensearchsetup.exe by HOW SOFT has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
하우소프트  (signed by HOW SOFT)

Product:
KTH Open Address Bar Service (KTH 열린 주소창 서비스) VER 2.0

Version:
2.0.0.1

MD5:
22c76a26ad9add4442ab02f7056881f9

SHA-1:
ac9560f1ad42a1d4163ecc12dc067c642ff0b59b

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 11:18:35 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.KTHOpenSearch | 2013.11.15
avast! | Win32:HowSoft-A [PUP] | 2014.9-140716
Bitdefender | Trojan.Generic.9968777 | 1.0.20.985
Emsisoft Anti-Malware | Trojan.Generic.9968777 | 8.14.07.16.12
F-Secure | Trojan.Generic.9968777 | 11.2014-16-07_4
G Data | Trojan.Generic.9968777 | 14.7.22
Malwarebytes | Adware.KorAd | v2014.07.16.12
MicroWorld eScan | Trojan.Generic.9968777 | 15.0.0.591
Panda Antivirus | Suspicious file | 14.07.16.12
Reason Heuristics | PUP.Installer.HOWSOFT.T | 14.7.16.11
Rising Antivirus | Trojan.Win32.Generic.12867C8B | 23.00.65.14714
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3

File size:
836.9 KB (856,992 bytes)

Product version:
2.0.0.1

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Documents and Settings\{user}\Application data\kth_opensearch\kth_opensearchsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/16/2010 9:00:00 AM

Valid to:
12/17/2011 8:59:59 AM

Subject:
CN=HOW SOFT, O=HOW SOFT, L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3B9817FBE154B0346689E1852F9704A7

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:4EeXIsvFtmtyynWE/Tm7noWrQebvqTHGF/yoxTxV:LszmtywW2mZ8e2TmTxTxV

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9864

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)
