m.exe

Kaspersky Anti-Virus 6.0 for Windows Workstations

Korea Network Technology Co., Ltd

The application m.exe, “Setup program for Kaspersky Anti-Virus 6.0 for Windows Workstations” by Korea Network Technology Co., has been detected as a potentially unwanted program by 8 anti-malware scanners. It runs as a Windows service named “emproxy”.

Publisher:
Kaspersky Lab (signed by Korea Network Technology Co., Ltd)

Product:
Kaspersky Anti-Virus 6.0 for Windows Workstations

Description:
Setup program for Kaspersky Anti-Virus 6.0 for Windows Workstations

Version:
6.0.3.837

MD5:
200b82fb5f87d484922068f0560cf98f

SHA-1:
deb3ae97f6e7a9a6da5f0fd664068ad05a8630bf

SHA-256:
7e8183f03cf6e0997a02b853557b9d0298ce50cde20826949a6bcc2ed7e54f69

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 3:30:18 PM UTC

Scan engine | Detection | Engine version
Comodo Security | TrojWare.Win32.Amtar.KNB | 20132
ESET NOD32 | Win32/Packed.NoobyProtect.P suspicious application | 7.0.302.0
Fortinet FortiGate | W32/SfEngine.A!tr | 11/19/2014
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.3.0
McAfee | Trojan-FDFO!200B82FB5F87 | 5600.6942
Norman | OnLineGames.LVXF | 11.20141119
Reason Heuristics | PUP.Service.KoreaNetworkTechnologyCo.B | 14.11.21.23
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141117

File size:
547.5 KB (560,672 bytes)

Product version:
6.0.3.837

Copyright:
Kaspersky Lab ZAO, 1996-2007. All rights reserved.

Trademarks:
Kaspersky Anti-Virus® is a registered trademark of Kaspersky Lab.

Original file name:
SETUP.EXE

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\ProgramData\emproxy\m.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/3/2013 9:00:00 AM

Valid to:
12/3/2014 8:59:59 AM

Subject:
CN="Korea Network Technology Co., Ltd", O="Korea Network Technology Co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AB67B7C76D88A5693C0C48E34DA770B

File PE Metadata
Compilation timestamp:
11/19/2007 8:39:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:NvXqLMF/QlbiUrZWsau99W2DnjQv4A9nfIJM6pOrfVTPmZSgYfyY948lYLmpiTKJ:N/iMS0cJaulQv99fIJGrVTIhYfsiT

Entry address:
0x87236

Entry point:
E8, 21, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 44, 65, 6D, 6F, 20, 76, 31, 2E, 38, 2E, 30, 2E, 30, 00, EB, 56, 4E, C5, 55, 3C, CF, 23, 2D, A1, 31, 50, A3, 45, 74, 77, 66, E3, 01, E8, 00, 00, 00, 00, 81, 04, 24, 80, FE, FF, FF, E8, FC, DF, F9, FF, E8, 12, F6, F9, FF, 61, E9, 3A, FA, FF, FF, 9B, E0, 06, 22, 64, 8B, 05, 30, 00, 00, 00, 8B, 40, 0C, E9, 6E, 01, 00, 00, D9, 56, C4, A3, 5E, BC, 97, 19, 89, E8, 1B, F0, E4, 6F, FF, 9A, 69, 83, 88, A6, 5A, 42, 8D, 64...
 

Entropy:
6.6022

Service
Display name:
emproxy

Description:
McAfee Email Proxy Service

Type:
Win32OwnProcess, InteractiveProcess

