» kav_setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (5)

kav_setup.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

This is a self-extracting archive and installer. The file has been seen being downloaded from cdn.yjc.ir and multiple other hosts.

File name:

kav_setup.exe

Publisher:

Kingsoft Corporation (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:

Kingsoft Internet Security

Description:

Kingsoft Antivirus Install

Version:

2013,03,27,195

MD5:

4b80eaf2288aa715354cfc42e87f6a55

SHA-1:

2b2227c1135fde2f277eec549faecc57020d6947

SHA-256:

bdf40bbc008ab151db86ace1b8c2385b8eed742031db4277c4f29ce164995294

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 1:59:28 AM UTC (today)

File size:

13.6 MB (14,297,616 bytes)

Product version:

9,0,102364,195

Original file name:

kpacket.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\kav_setup.exe

Digital Signature

Signed by:

Beijing Kingsoft Security software Co.,Ltd

Authority:

VeriSign, Inc.

Valid from:

12/26/2011 1:00:00 AM

Valid to:

12/26/2014 12:59:59 AM

Subject:

CN="Beijing Kingsoft Security software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Kingsoft Security software Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

07BC3A51B589E5AF43291DF84EA4C571

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

393216:c/XADqwibq/RIYuUniCRX1mezmAHy5+DIW4scYMMDIknl5:cGA8Ib86AG+DIW6szl5

Entry address:

0x10E160

Entry point:

60, BE, 00, E0, 4A, 00, 8D, BE, 00, 30, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA]

Code size:

388 KB (397,312 bytes)

The file kav_setup.exe has been discovered within the following program.

360Amigo System Speedup Free by 360Amigo

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

www.360amigo.com

53% remove it

The file kav_setup.exe has been seen being distributed by the following 5 URLs.

http://cdn.yjc.ir/files/fa/news/1392/1/.../1007583_357.exe

http://files.downloadnow.com/s/software/12/88/31/.../kav_setup.exe

https://drive.google.com/uc?id=0B_N-bETtYjiBQWNiLVZpTmpZMkU&export=download

http://softdl.pcdoctor.kingsoft.com/.../kav_setup.exe

http://software-files-a.cnet.com/s/software/12/88/31/.../kav_setup.exe

Scan kav_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.