k-lite_codec_pack_710_mega.exe

The executable k-lite_codec_pack_710_mega.exe has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from ftp.freenet.de.
MD5:
570ee58828bf6960c0b8196b6e559f11

SHA-1:
aaa4a365ec08630813c1d224eaee381e0c769360

SHA-256:
6e703daf86dd016436f32143d4e120cada564ca17461eb3a9b353ca0cbe01571

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/23/2024 9:37:47 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Agent-AODJ [Trj]
160204-3

AVG
Worm/Delf.KHX
2015.0.4489

Dr.Web
Trojan.Inject1.28681
9.0.1.05190

Emsisoft Anti-Malware
Worm.Generic.377772
10.0.0.5366

ESET NOD32
Win32/Delf.NRJ worm
7.0.302.0

F-Prot
W32/Renamer.A.gen
4.6.5.141

Kaspersky
Virus.Win32.Renamer
15.0.0.562

McAfee
Virus.W32/Gnamer
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5530.0

Norman
Worm.Generic.377772
03.02.2016 07:38:05

Sophos
Virus 'W32/Renamer-K'
5.23

VIPRE Antivirus
Threat.4775899
46912

File size:
523.5 KB (536,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\k-lite_codec_pack_710_mega.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:9rMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9V:7ZyCA8CBmn+RrNj9ay5I

Entry address:
0x72814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 14, 0E, 47, 00, E8, 43, 4A, F9, FF, 8B, 1D, 30, 53, 47, 00, 8B, 03, E8, 06, 60, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, 3B, 7D, FE, FF, 8B, 0D, 5C, 52, 47, 00, 8B, 03, 8B, 15, E0, 0A, 47, 00, E8, FC, 5F, FE, FF, 8B, 0D, 68, 53, 47, 00, 8B, 03, 8B, 15, 90, 05, 47, 00, E8, E9, 5F, FE, FF, 8B, 03, E8, 62, 60, FE, FF, 5B, E8, C0, 28, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5749

Developed / compiled with:
Microsoft Visual C++

Code size:
451 KB (461,824 bytes)

The file k-lite_codec_pack_710_mega.exe has been seen being distributed by the following URL.

Remove k-lite_codec_pack_710_mega.exe - Powered by Reason Core Security