home

kxetray.exe

Kingsoft Internet Security

Zhuhai Kingsoft Software Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘kxesc’.
Publisher:
Kingsoft Corporation  (signed by Zhuhai Kingsoft Software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
KXEngine Security Center Tray manager

Version:
2010,08,31,16

MD5:
b1964abb97a3cbc6c1a4af1057450ca9

SHA-1:
6d8afb24e1f5b18bd04711ad81c2fbc9c9153fe8

SHA-256:
7707b7d1440d04c016d2b20df8d1cbe04e5ec7adf5b057a8b19b9dcefb530864

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 2:30:47 AM UTC  (today)

File size:
881.4 KB (902,552 bytes)

Product version:
9,0,18308,16

Copyright:
Copyright (C) 1998-2010 Kingsoft Corporation

Original file name:
kxetray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\kingsoft\kiscommon\kxetray.exe

Digital Signature
Signed by:
Zhuhai Kingsoft Software Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/21/2009 8:00:00 PM

Valid to:
6/21/2012 7:59:59 PM

Subject:
CN="Zhuhai Kingsoft Software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Zhuhai Kingsoft Software Co.,Ltd", L=Zhuhai, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0BA4BC439930346B95694B4C7F2B981B

File PE Metadata
Compilation timestamp:
8/31/2010 6:06:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:ntm8Qvx+McqRjsMoYgmHP4SSDwKAWC3WJWWdWdWWaZqW5atq:hqxQMoYgm4cKAWC3WJWWdWdWWaZ55atq

Entry address:
0x646E2

Entry point:
E8, 01, 06, 00, 00, E9, DA, FC, FF, FF, 68, 04, 43, 46, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 98, 9E, 47, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 00, 81, 38, 63, 73, 6D, E0, 74, 03, 33, C0, C3, E9, 25, 06, 00, 00, 6A, 14, 68, 68, 42, 47, 00, E8, 89, FF, FF...
 
[+]

Entropy:
5.9104

Code size:
408 KB (417,792 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
kxesc

Command:
"C:\Program Files\common files\kingsoft\kiscommon\kxetray.exe" -autorun


Scan kxetray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.