» WinKeyword.EXE
Overview
Analysis
File Details

WinKeyword.EXE

WinKeyword 응용 프로그램

JP Media Group

The application WinKeyword.EXE, “WinKeyword MFC 응용 프로그램” by JP Media Group has been detected as adware by 27 anti-malware scanners.

File name:

WinKeyword.EXE

Publisher:

JP Media Group (signed and verified)

Product:

WinKeyword 응용 프로그램

Description:

WinKeyword MFC 응용 프로그램

Version:

1, 0, 0, 1

MD5:

e1b5ed26237051a2c7a6e43c9bc7a74f

SHA-1:

ba0b62169566ba9db3cfa2df04219e4279e9abed

SHA-256:

2a3f2c16f99ee8c91b8105338c3250d293847763faf7271fa161f39ee7b2df22

Scanner detections:

27 / 68

Status:

Adware

Analysis date:

4/26/2024 9:23:23 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1645119

610

Agnitum Outpost

PUA.CloverPlus

7.1.1

AhnLab V3 Security

PUP/Win32.WinKeyword

15.06.04

Avira AntiVirus

Adware/Symmi.31567

7.11.148.126

avast!

Win32:Adware-ADY [Adw]

2014.9-150604

AVG

Generic5

2016.0.3088

Bitdefender

Trojan.GenericKD.1645119

1.0.20.775

Comodo Security

ApplicUnwnt

18240

Dr.Web

Adware.CloverPlus.3

9.0.1.0155

Emsisoft Anti-Malware

Trojan.GenericKD.1645119

8.15.06.04.10

ESET NOD32

Win32/Adware.CloverPlus.AB (variant)

9.9775

Fortinet FortiGate

Riskware/CloverPlus

6/4/2015

F-Secure

Trojan.GenericKD.1645119

11.2015-04-06_5

G Data

Trojan.GenericKD.1645119

15.6.24

IKARUS anti.virus

Win32.AdWare.ADY

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.177.12026

Malwarebytes

Adware.KorAd

v2015.06.04.10

McAfee

Artemis!E1B5ED262370

5600.6744

MicroWorld eScan

Trojan.GenericKD.1645119

16.0.0.465

NANO AntiVirus

Trojan.Win32.CloverPlus.cuqeta

0.28.0.59608

nProtect

Trojan.GenericKD.1645119

14.05.08.01

Qihoo 360 Security

Win32/Virus.Adware.7c1

1.0.0.1015

Reason Heuristics

PUP.JPMediaGroup

15.6.4.18

Sophos

Generic PUA LK

4.98

Trend Micro House Call

TROJ_GEN.F47V0310

7.2.155

VIPRE Antivirus

Trojan.Win32.Generic

29012

ViRobot

Adware.Agent.236992

2011.4.7.4223

File size:

231.4 KB (236,992 bytes)

Product version:

1, 0, 0, 1

Original file name:

WinKeyword.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\koreankeyword\winkeyword.exe

Digital Signature

Signed by:

JP Media Group

Authority:

Thawte, Inc.

Valid from:

10/28/2012 9:00:00 AM

Valid to:

12/28/2014 8:59:59 AM

Subject:

CN=JP Media Group, OU=EC Team, O=JP Media Group, L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

61F1A0D73EF91EA0ED864432A96CAC0A

File PE Metadata

Compilation timestamp:

3/10/2014 11:51:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:M6H4pxuvVWxUQpDkzi+NpYpqC/3wUYw17ecfuiIy0AojCZ49V0k1j6MmNNnO:F4K0xzpo9c1/rl1ek9Z4zjjhkI

Entry address:

0x23E2E

Entry point:

55, 8B, EC, 6A, FF, 68, 20, B0, 42, 00, 68, 98, 3F, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 10, A5, 42, 00, 59, 83, 0D, 68, 50, 43, 00, FF, 83, 0D, 6C, 50, 43, 00, FF, FF, 15, 0C, A5, 42, 00, 8B, 0D, 4C, 50, 43, 00, 89, 08, FF, 15, 08, A5, 42, 00, 8B, 0D, 48, 50, 43, 00, 89, 08, A1, 04, A5, 42, 00, 8B, 00, A3, 64, 50, 43, 00, E8, 28, 01, 00, 00, 39, 1D, 60, 44, 43, 00, 75, 0C, 68, C2, 3F, 42, 00, FF, 15, 00, A5... 
[+]

Entropy:

6.2259

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

164 KB (167,936 bytes)

Remove WinKeyword.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.