» kvosoft.exe
Overview
Analysis
File Details
Behaviors (1)

kvosoft.exe

The executable kvosoft.exe has been detected as malware by 10 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘kvasoft’.

File name:

kvosoft.exe

MD5:

2506c71f52800aaf1c721c4a5470d750

SHA-1:

275b4d6545261d0d910773cb6329d9f2f475d814

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

4/29/2024 8:21:57 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.XPACK.Gen

17.03.11

AVG

Win32/Heur

2018.0.2442

Bitdefender

Packer.Malware.NSAnti.1

1.0.20.350

F-Prot

W32/Onlinegames.gen

v6.-

G Data

Packer.Malware.NSAnti

17.3.-

Microsoft Security Essentials

PWS:Win32/Frethog.gen!L

1.163.1557.0

Panda Antivirus

Suspicious file

17.03.11.04

Prevx

Cloaked Malware

3.0.3

Quick Heal

(Suspicious) - DNAScan

3.17.-

ViRobot

Trojan.Win32.Amvo.Gen

17.03.11

File size:

164.8 KB (168,755 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\kvosoft.exe

File PE Metadata

Compilation timestamp:

10/16/2008 10:49:23 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x5BCE6

Entry point:

2B, C7, 83, C8, 0C, 53, C1, E0, 0F, 52, E8, 02, 00, 00, 00, 8B, C5, 1D, E7, 64, 00, 00, 8B, C0, 5B, 23, C3, 23, C7, BA, DE, 6A, 51, 09, 05, 5C, 3A, 00, 00, 53, 8B, C5, 03, DA, 33, C6, 0B, C0, 5A, 8B, C7, 53, 33, C5, BB, 43, EC, B9, 28, 23, C6, 81, C3, F9, B4, BA, F1, C1, D0, 25, 1B, C6, 81, C2, A0, 00, 00, 00, 05, 78, 26, 00, 00, 35, 5E, 74, 00, 00, 53, 2B, C5, 8F, 02, 23, C3, 81, C2, 3D, 00, 00, 00, 1D, 87, 43, 00, 00, 23, C0, 81, F3, D5, 80, 89, E5, 03, C2, 8B, C5, 23, C0, 0B, C6, 58, 53, 8B, D8, 33, C5... 
[+]

Entropy:

7.7220 (probably packed)

Code size:

4 KB (4,096 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

kvasoft

Command:

C:\Windows\System32\kvosoft.exe

Remove kvosoft.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.