birdkissupdate.exe

Birdkiss

Shan Feng

The application birdkissupdate.exe by Shan Feng has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a Windows Task Scheduler task named BirdkissUpdateTaskMachineCore, triggered by a time event.
Publisher:
Shan Feng (signed and verified)

Product:
Birdkiss

Version:
1.0.0.1

MD5:
9106c41f6cd09e37cf2a4ab0ac88fa9b

SHA-1:
cb96b29490577954a95b333439b61483c53fd1c6

SHA-256:
7e7dd495dc2c4f0ea0b6fe3a078513f9b9f7d95d95da339cf79bac7aa46bd1d3

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 4:01:56 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Mutabaha.1363 | 9.0.1.05190
ESET NOD32 | Win32/ELEX.IL potentially unwanted application | 8.0.319.0
Reason Heuristics | PUP.Elex.ShanFeng (M) | 16.7.8.1

File size:
568.9 KB (582,528 bytes)

Product version:
51.6.2704.63

Copyright:
Copyright (C) 2016 Birdkiss Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\birdkiss\update\birdkissupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/1/2016 2:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BE68A2F1793C12BE67FDE60C6531903

File PE Metadata
Compilation timestamp:
6/8/2016 4:55:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:oMgy+ohqNDBEoOiiW5wS3jofyMgnd2V+79BwY30/HZh:oMN+EbmiW5wS34AS8F0/HZh

Entry address:
0x4C4EE

Entry point:
D0, DD, 77, 00, 00, DE, B8, 96, 8D, 96, 97, 12, D8, 9B, 34, 00, E3, 7A, CC, 0C, FB, 64, 00, 00, 00, 00, 2B, 36, 37, 69, 63, E3, 97, 34, 39, C5, FB, 38, 16, 96, 5D, 00, 00, 00, 00, E4, 2C, 13, 34, 43, 16, 4D, 64, 64, 6E, 3F, FB, 41, E3, DF, 99, D4, F3, 21, 00, 04, FD, 38, 8D, 1C, 94, F0, 7D, 94, 8D, 96, 97, C8, B5, 2D, 86, 0D, CB, 00, 00, 00, 00, 9B, AB, 67, 5C, 97, 47, 00, 00, 00, 00, E5, 36, 4D, 64, 1C, 5C, 4C, 7E, 3A, 3E, 60, B1, 40, F9, 81, C9, 8B, B9, 20, 00, 5A, AD, 67, B1, 0D, 82, 96, 1D, CB, FF, 2D...
 

Code size:
439.5 KB (450,048 bytes)

Scheduled Task
Task name:
BirdkissUpdateTaskMachineCore

Trigger:
Time

