m.exe

Kaspersky Anti-Virus 6.0 for Windows Workstations

Korea Network Technology Co., Ltd

The application m.exe, “Kaspersky Anti-Virus 6.0 for Windows Workstations setup program” by Korea Network Technology Co., has been detected as a potentially unwanted program by 5 anti-malware scanners.
Publisher:
Kaspersky Lab (signed by Korea Network Technology Co., Ltd)

Product:
Kaspersky Anti-Virus 6.0 for Windows Workstations

Description:
Kaspersky Anti-Virus 6.0 for Windows Workstations setup program

Version:
6.0.3.837

MD5:
0a912a6c8568e8a3b9c937ce4c2a244d

SHA-1:
23a7ba9941cbf1da76f853e28ad4af0ef9f7a6d9

SHA-256:
318a480bb1fb3fd7246d45b8e6b147e44f207104ac237d696ea42aeb720f2f31

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:43:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.11.19 |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.KoreaNetworkTechnologyCo.B | 14.11.21.23 |
| Trend Micro House Call | Suspicious_GEN.F47V1118 | 7.2.323 |

File size:
694.9 KB (711,592 bytes)

Product version:
6.0.3.837

Copyright:
ZAO "Kaspersky Lab", 1996-2007. All rights reserved.

Trademarks:
Kaspersky Anti-Virus® is a registered trademark of Kaspersky Lab.

Original file name:
SETUP.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\emproxy\m.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/3/2013 9:00:00 AM

Valid to:
12/3/2014 8:59:59 AM

Subject:
CN="Korea Network Technology Co., Ltd", O="Korea Network Technology Co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AB67B7C76D88A5693C0C48E34DA770B

File PE Metadata
Compilation timestamp:
11/19/2007 8:39:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:CofWzTKBZNnSVHThaTdSXyRyC0hTFAaiZSYDSyTt0PZCOoMH8I4tpcoAPC6d5qHU:bfWHLZTETdHeFA/ZJ+i6XoS8VI4+

Entry address:
0xB7AE2

Entry point:
0F, 8A, 60, 37, FF, FF, 60, 60, 9C, C7, 44, 24, 40, 6E, BA, A9, 13, 9C, C7, 44, 24, 40, EF, 1F, 9A, C8, 9C, 88, 34, 24, 8D, 64, 24, 44, E9, 1A, 7B, 09, 00, B3, 56, 96, E6, 92, 7C, 7E, F4, 49, 6F, 5C, 72, EE, 8B, 4B, 2F, 34, 34, 27, 33, EF, DB, A5, 7D, 76, 78, 6D, 6D, 1D, FD, FE, 12, 19, 15, C1, A5, F9, 4B, 9E, 7B, E8, 05, FA, E2, 0D, 99, 2C, 20, 7F, 90, 7B, 24, 78, C2, 17, 8C, C4, 83, CA, 40, 36, 84, 6B, 00, B8, A0, A0, 1B, BD, C4, 77, 19, 2F, 35, 29, 7A, 67, 62, 6A, 5C, 80, 54, FF, 00, F6, D6, 19, 1E, 3A...
 

Entropy:
7.8964  (probably packed)

Code size:
10.5 KB (10,752 bytes)
