home

runkitty1.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.gratilog.net.
MD5:
b2ee44851b796265baac70d3736ec8c1

SHA-1:
9280f26a878ea2c0106aed7cfed1fbe107d2bce8

SHA-256:
cb3d06618b4efd1f7da0b608e4ae59a9b36d5c05ca88754cad0aebbb416f5e83

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 12:14:25 AM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Artemis!B2EE44851B79
5600.6422

File size:
85.2 KB (87,276 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\runkitty1.exe

File PE Metadata
Compilation timestamp:
4/29/1998 9:23:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
1536:F/+D6MoaFnxzabXWmBo/i3sgKwlj5DOeu+Oe1k3TQ+HBPLrtD7GK:F/+DJZFxcWmB6i3sgKwlj5DOeu+Oea3T

Entry address:
0x6060

Entry point:
64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 00, A0, 40, 00, 68, 9C, 7F, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 60, 53, 56, 57, 89, 65, E8, FF, 15, 18, 03, 41, 00, A3, 04, C0, 40, 00, 33, C0, A0, 05, C0, 40, 00, A3, 10, C0, 40, 00, A1, 04, C0, 40, 00, C1, 2D, 04, C0, 40, 00, 10, 25, FF, 00, 00, 00, A3, 0C, C0, 40, 00, C1, E0, 08, 03, 05, 10, C0, 40, 00, A3, 08, C0, 40, 00, E8, 5A, 01, 00, 00, C7, 45, FC, 00, 00, 00, 00, E8, EE, 1C, 00, 00, E8, 29, 11, 00, 00, FF, 15, 1C, 03, 41, 00, A3, 60, FB...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v4.2

Code size:
35.5 KB (36,352 bytes)

The file runkitty1.exe has been seen being distributed by the following URL.

http://www.gratilog.net/.../runkitty1.exe

Scan runkitty1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.