home

AVPUI.EXE

Kaspersky Anti-Virus

Kaspersky Lab

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘avpui’.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
Kaspersky Anti-Virus

Version:
14.0.0.4917

MD5:
7ef73e96036a58b26fe247972ef2d0e1

SHA-1:
f6287dc4355c8d955ba9125e0f1c27628fd8220f

SHA-256:
fc1743bfbb7e0f9536ce4ec43121d603298ef0f00a9644cb543060f442d49a25

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/12/2025 10:31:05 PM UTC  (today)

File size:
711.6 KB (728,680 bytes)

Product version:
14.0.0.4917

Copyright:
© 2013 Kaspersky Lab ZAO. All Rights Reserved.

Trademarks:
Registered trademarks and service marks are the property of their respective owners

Original file name:
AVPUI.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\avpui.exe

Digital Signature
Signed by:
Kaspersky Lab

Authority:
Kaspersky Lab

Valid from:
4/5/2014 10:57:31 AM

Valid to:
4/5/2023 10:57:31 AM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=USA, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, O=Kaspersky Lab

Serial number:
00A7EDA5A215C0D191329A1CA4B053EB18

File PE Metadata
Compilation timestamp:
4/2/2014 4:23:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:MHvnQ8NQRgqOqNbjBMiwrOkEpwTdwrCpEAI4GkxRiW+za+0sUMPkl5vNRYe:onQZg74qrOsdwufrEz8lH

Entry address:
0x15F483

Entry point:
E8, 3B, FF, FF, FF, 05, 82, 0B, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, E4, 21, 00, 00, FF, E0, E8, 04, 00, 00, 00, FF, FF, FF, FF, 5E, C3, 00, 85, 03, D9, 49, D7, D7, FA, 6A, 1D, 10, 4D, A3, 88, 21, 99, 40, 71, 51, 2D, 42, AD, 39, 4F, 70, 6A, 07, 5F, D2, F9, 13, 63, 20, 01, 17, 28, C5, 0C, 55, 4E, 45, 8C, A5, BB, 96, 88, F6, F1, 86, EF, 9C, 82, 5E, 17, 2B, B4, 59, 59, 0E, 7D, 7A, DF, 8B, 76, 54, FD, 99, 8D, 61, 5D, E4, CF, B4, B8, C7, 3B, E7, D0, 4A, FB, 56, 5E, E8, EB, 1E, 84, 7E, EB, 3D, EE, 76, 5A, A2...
 
[+]

Entropy:
7.9423  (probably packed)

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
avpui

Command:
C:\users\{user}\appdata\local\avpui.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.