kav_setup.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

This is a self-extracting archive and installer. The file has been seen being downloaded from cdn.yjc.ir and multiple other hosts.
Publisher:
Kingsoft Corporation  (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
Kingsoft Antivirus Install

Version:
2013,03,27,195

MD5:
4b80eaf2288aa715354cfc42e87f6a55

SHA-1:
2b2227c1135fde2f277eec549faecc57020d6947

SHA-256:
bdf40bbc008ab151db86ace1b8c2385b8eed742031db4277c4f29ce164995294

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 2:19:23 AM UTC  (today)

File size:
13.6 MB (14,297,616 bytes)

Product version:
9,0,102364,195

Copyright:
Copyright (C) 1998-2013 Kingsoft Corporation

Original file name:
kpacket.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kav_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/26/2011 1:00:00 AM

Valid to:
12/26/2014 12:59:59 AM

Subject:
CN="Beijing Kingsoft Security software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Kingsoft Security software Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07BC3A51B589E5AF43291DF84EA4C571

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
393216:c/XADqwibq/RIYuUniCRX1mezmAHy5+DIW4scYMMDIknl5:cGA8Ib86AG+DIW6szl5

Entry address:
0x10E160

Entry point:
60, BE, 00, E0, 4A, 00, 8D, BE, 00, 30, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
388 KB (397,312 bytes)

The file kav_setup.exe has been discovered within the following program.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file kav_setup.exe has been seen being distributed by the following 5 URLs.

Scan kav_setup.exe - Powered by Reason Core Security