KAVREMVR.EXE

Kaspersky Removal Tool

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from www.google.com and multiple other hosts.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
Kaspersky Removal Tool

Description:
KAV Removal Tool

Version:
1.0.(1064).0

MD5:
1b610031338f63bdffcf412222b21f8d

SHA-1:
32cb94de595cd84d64e0f927438472b640f58d65

SHA-256:
4e5f65646a5b5195f7c9dbd17747a96c69fb00e9cc21ac12972ebffc54b50c71

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 4:27:55 PM UTC  (today)

File size:
12.2 MB (12,819,016 bytes)

Product version:
1.0.1064.0

Copyright:
© 2013 Kaspersky Lab ZAO. All Rights Reserved.

Trademarks:
Registered trademarks and service marks are the property of their respective owners

Original file name:
KAVREMVR.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\kavremvr.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
10/8/2015 2:00:00 AM

Valid to:
10/24/2018 2:00:00 PM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F668FB0F0F002B774C7DDBD769EE5B1

File PE Metadata
Compilation timestamp:
4/21/2016 8:14:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:/Wv4UnUZPTiOlf4ly28hTXhIUfiOlfQEc/J35h:WdUZPTLhTXSEcZ

Entry address:
0x218F3

Entry point:
E8, 87, A1, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9, 83, F1, FF, 33, CF, 83...
 
[+]

Code size:
235.5 KB (241,152 bytes)

The file KAVREMVR.EXE has been seen being distributed by the following 6 URLs.

https://www.google.com/url?hl=pt-BR&q=http://media.kaspersky.com/utilities/.../kavremvr.exe&source=gmail&ust=1467125461619000&usg=AFQjCNF5jyF7XOApdvVryvj2j3v4AMTP_A

https://www.google.com/url?hl=pl&q=http://media.kaspersky.com/utilities/.../kavremvr.exe&source=gmail&ust=1466707337099000&usg=AFQjCNEOpaDpkTueCscP3w1M8xS9AOdB_w

https://www.google.com/url?hl=vi&q=http://download.nts.vn/support/Support-Tools/Remove_AntiVirus/.../kavremover.exe&source=gmail&ust=1474363733391000&usg=AFQjCNEUXnydBF7wkFVrON0AuiTzJV649Q

http://www.majorgeeks.com/index.php?ct=files&action=download&