kavsetup_99_1.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

This is a self-extracting archive and installer. The file has been seen being downloaded from www.safetagheart.com and multiple other hosts.

Publisher:
Kingsoft Corporation (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
Kingsoft Antivirus Install

Version:
2013,06,28,204

MD5:
7abbff219ca87239549c8c39f85a0806

SHA-1:
0ceedfe219e0eb0d9f24e3a81004c6b1610a25e7

SHA-256:
e3c1aea1352362e4b5c008e16b03810192d12a4f1cc71245f5a75e796c719c69

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 4:42:40 AM UTC

File size:
13.6 MB (14,300,584 bytes)

Product version:
9,0,112395,204

Copyright:
Copyright (C) 1998-2013 Kingsoft Corporation

Original file name:
kpacket.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kavsetup_99_1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/26/2011 1:00:00 AM

Valid to:
12/26/2014 12:59:59 AM

Subject:
CN="Beijing Kingsoft Security software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Kingsoft Security software Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07BC3A51B589E5AF43291DF84EA4C571

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
393216:D3BXAWGCJXuUniCRX1mezmAHy5+DIW4scYMMDIkMK:bOw+86AG+DIW6swK

Entry address:
0x10E390

Entry point:
60, BE, 00, E0, 4A, 00, 8D, BE, 00, 30, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
388 KB (397,312 bytes)

The file kavsetup_99_1.exe has been seen being distributed by the following 32 URLs.

