kwc__a+i.exe

Downloader

BR SOFTWARE LLC

The file kwc__a+i.exe by BR SOFTWARE has been detected as adware by 19 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
BR SOFTWARE LLC  (signed and verified)

Product:
Downloader

Version:
1.0.0.0

MD5:
d45633a735d4800c726fc1eb7db6867f

SHA-1:
f26ade21e2fedead337fb53ae5d8911b583d0db1

SHA-256:
fae669b6763a3a9338dcbdd288000735fa8db074328d9802e8fad97b4e139d87

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
4/25/2024 6:19:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.8381611 | 507
Avira AntiVirus | Adware/PCMega.E.2 | 7.11.177.234
avast! | Win32:Downloader-RBO [Adw] | 2014.9-150915
AVG | AdInstaller.K | 2016.0.2985
Bitdefender | Trojan.Generic.8381611 | 1.0.20.1290
Comodo Security | UnclassifiedMalware | 19788
Dr.Web | Trojan.DownLoader7.11693 | 9.0.1.0258
Emsisoft Anti-Malware | Trojan.Generic.8381611 | 8.15.09.15.03
ESET NOD32 | MSIL/Adware.PCMega (variant) | 9.10556
F-Secure | Trojan.Generic.8381611 | 11.2015-15-09_3
G Data | Trojan.Generic.8381611 | 15.9.24
IKARUS anti.virus | Win32.Downloader.RBO | t3scan.1.7.8.0
McAfee | Artemis!D45633A735D4 | 5600.6641
MicroWorld eScan | Trojan.Generic.8381611 | 16.0.0.774
NANO AntiVirus | Trojan.Win32.Generic.dclrqw | 0.28.2.62483
nProtect | Trojan.Generic.8381611 | 14.10.12.01
Reason Heuristics | PUP.BR Software.BRSOFTWARE.Installer (M) | 15.9.15.15
Sophos | Generic PUA PC | 4.98
Zillya! Antivirus | Adware.PCMega.Win32.55 | 2.0.0.1953

File size:
17.8 KB (18,248 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

Original file name:
Arquivo_Setup.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\kwc__a+i.exe.part

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/7/2012 12:09:51 PM

Valid to:
6/9/2015 3:58:43 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112102230C0982E220E5F9C53BBC68858B38

File PE Metadata
Compilation timestamp:
10/9/2012 5:49:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:ByH4NmlwLa4tlcDHLLpg4QG0IHoEK6XpYOo:Jmy34UhWD1O

Entry address:
0x46CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
10 KB (10,240 bytes)
