home

Kuaiwan.exe

快玩

Shenzhen QVOD Technology Co.,Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Kuaiwan’.
Publisher:
Shenzhen QVOD Technology Co.,Ltd  (signed and verified)

Product:
快玩

Version:
3, 1, 0, 4

MD5:
633b3b1db1cd8be5cf095b816cf53e40

SHA-1:
11515ea46170bac8a9eb5f2e982ee60481851efc

SHA-256:
862e83ea62424a105420423a9e980aa1cd0c28933b14deecf53a49d7af2bc35f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:04:13 AM UTC  (today)

File size:
1.9 MB (2,038,280 bytes)

Product version:
3, 1, 0, 4

Copyright:
Shenzhen QVOD Technology Co.,Ltd Copyright (C) 2010 - 2012

Original file name:
Kuaiwan.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\kuaiwan\kuaiwan.exe

Digital Signature
Signed by:
Shenzhen QVOD Technology Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
4/20/2011 8:00:00 AM

Valid to:
7/17/2013 7:59:59 AM

Subject:
CN="Shenzhen QVOD Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen QVOD Technology Co.,Ltd", L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2CCAC0204E26AFC893F8A3DB73E01C70

File PE Metadata
Compilation timestamp:
12/19/2012 10:35:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:wI55QTeXBHzYLYZdMH3gXlYwbKP0YLZAiQAjmWSjY7yw7Tx1csK+Z6:wUQTYdX/+P7LlmVw7Tx1lk

Entry address:
0x10C6EF

Entry point:
E8, 32, 50, 00, 00, E9, 17, FE, FF, FF, E9, DC, 09, 00, 00, 3B, 0D, 3C, 92, 59, 00, 75, 02, F3, C3, E9, AD, 50, 00, 00, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, 39, 53, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, DD, 17, 00, 00, 83, C4, 14, 83, C8, FF, E9, C5, 00, 00, 00, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 3B, FB, 74, 24, 3B, F3, 75, 20, E8, 09, 53, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, AD, 17, 00, 00, 83, C4, 14, 83, C8, FF, E9, 93, 00, 00, 00, 81, FF, FF, FF...
 
[+]

Entropy:
6.2731

Code size:
1.3 MB (1,327,104 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Kuaiwan

Command:
"C:\Program Files\kuaiwan\kuaiwan.exe" -s


Scan Kuaiwan.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.