kumao_client.exe

财神爷[哈哈哈]

DriverDevelop.com

The application kumao_client.exe by DriverDevelop.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
酷猫科技  (signed by DriverDevelop.com)

Product:
财神爷[哈哈哈]

Version:
1.0.0.0

MD5:
5147d5fe44524f8b4aef2c0ab351825f

SHA-1:
a65e9504086d56870ead99ee12b25b249f2adf87

SHA-256:
8eafc5ff32805ae76039cacec1ed6179042acd9e10b2fbee3457e5a147f72a23

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 11:42:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.30.4

File size:
1.3 MB (1,387,064 bytes)

Product version:
1.0.0.0

Copyright:
真是一个让人高兴的故事

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\酷猫\kumao_client.exe

Digital Signature
Authority:
DriverDevelop.com

Valid from:
8/15/2009 11:02:01 AM

Valid to:
8/13/2019 11:02:01 AM

Subject:
E=ca@zndev.com, CN=DriverDevelop.com Signtools Test cert, OU=Dept. CodeSign CA, O=DriverDevelop.com, S=BeiJing, C=CN

Issuer:
E=ca@zndev.com, CN=DriverDevelop.com CA, OU=DriverDevelop.com CA, O=DriverDevelop.com, L=BeiJing, S=BeiJing, C=CN

Serial number:
011E

File PE Metadata
Compilation timestamp:
11/16/2015 5:27:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x8AE29

Entry point:
E8, E1, 80, 00, 00, E9, 89, FE, FF, FF, B8, 54, 3A, 49, 00, A3, C0, CE, 50, 00, C7, 05, C4, CE, 50, 00, 4A, 31, 49, 00, C7, 05, C8, CE, 50, 00, FE, 30, 49, 00, C7, 05, CC, CE, 50, 00, 37, 31, 49, 00, C7, 05, D0, CE, 50, 00, A0, 30, 49, 00, A3, D4, CE, 50, 00, C7, 05, D8, CE, 50, 00, CC, 39, 49, 00, C7, 05, DC, CE, 50, 00, BC, 30, 49, 00, C7, 05, E0, CE, 50, 00, 1E, 30, 49, 00, C7, 05, E4, CE, 50, 00, AA, 2F, 49, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, F2, 8B, 00, 00, DB...
 

Entropy:
6.3623

Code size:
715 KB (732,160 bytes)
