home

mk0u1xk6.exe

KingTranslate

Koyote-Lab Inc.

The file mk0u1xk6.exe, “KingTranslate Install” by Koyote-Lab has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.kingtranslate.com.
Publisher:
Koyote-Lab Inc.  (signed and verified)

Product:
KingTranslate

Description:
KingTranslate Install

Version:
1.0.0.701

MD5:
e415ff4eecae354541d098c6b9f04693

SHA-1:
0e9f83faf147b2f36a512372219b54f24921f2d8

SHA-256:
0a5f406d8444f97c56cec21341f0d2b726eb8b0fed750e15e35dc90569e6a849

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 9:03:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bandoo.KoyoteLab.Installer (M)
16.1.3.16

File size:
1.1 MB (1,137,872 bytes)

Product version:
1.0.0.701

Copyright:
Copyright (C) 2012

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\mk0u1xk6.exe.part

Digital Signature
Signed by:
Koyote-Lab Inc.

Authority:
Thawte, Inc.

Valid from:
2/23/2012 1:00:00 AM

Valid to:
2/22/2014 12:59:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 10:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:skFORDHGB7Duvg6Z7zvcYP0FrIqVFOOhYplDBFkwiq5si:gHGEoy0juD9Tsi

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file mk0u1xk6.exe has been seen being distributed by the following URL.

http://download.kingtranslate.com/KingTranslateSetup.exe

Remove mk0u1xk6.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.