home

k-plugin.exe

K-Defense Installer

Kings Information & Network Co., Ltd.

Publisher:
Kings Information & Network Co., Ltd.  (signed and verified)

Product:
K-Defense Installer

Description:
installkdf R6 415083101

Version:
6.1.9.7

MD5:
e29b01a8052f56d65359f99b041ace41

SHA-1:
e075a1c2b64910dc069aba1da479f5018574553a

SHA-256:
1428053c0fe8af8fca82da224132acc1325e6916dd4859abd7e1c1b114e5f794

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 2:11:35 AM UTC  (today)

File size:
10.1 MB (10,542,840 bytes)

Product version:
K-Defense R6

Copyright:
Copyright (C) 2013 Kings Information & Network

Original file name:
installkdf.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\k-plugin.exe

Digital Signature
Signed by:
Kings Information & Network Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
9/11/2015 9:00:00 AM

Valid to:
12/11/2017 8:59:59 AM

Subject:
CN="Kings Information & Network Co., Ltd.", O="Kings Information & Network Co., Ltd.", L=Hanamsi, S=Gyeonggido, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
20EEE13D89013D9F7380984948758E28

File PE Metadata
Compilation timestamp:
12/9/2015 11:46:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:wbHZTo+Rc/cODQcvIGcamDHWPzYpT9qaH4Aic2i7ZTMhcER9L0V8TwwpEdjmvl3e:8o+u/SroYlMKEQgwe2b

Entry address:
0x113024

Entry point:
E8, 59, EC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 15, 04, 00, 00, 6A, 16, 5E, 89, 30, E8, 91, 73, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, DF, 03, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8...
 
[+]

Entropy:
6.5831

Code size:
1.2 MB (1,290,240 bytes)

The file k-plugin.exe has been seen being distributed by the following URL.

http://www.lottehowmuch.com/.../K-Plugin.exe

Scan k-plugin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.