kdwin.exe

KDWin

This is a setup and installation application. The file has been seen being downloaded from cdn2.filepi.com and multiple other hosts.
Publisher:
KDWin

Description:
KDWin 4.00 Installation

Version:
4.00

MD5:
e71da5a2a9276014fd2242179c31db2b

SHA-1:
1de27dd4206ca7ad887394142b3a4048f18c398e

SHA-256:
00b364b44439bba9414abecc00a55a9fd94538123b2dd5838cf40e321f7fdb34

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 7:35:30 PM UTC  (today)

Scan engine          Detection               Engine version
Avira AntiVirus      TR/Qhost.aans           7.11.146.2
IKARUS anti.virus    Trojan.Qhost            t3scan.1.6.1.0
Norman               Suspicious_Gen4.CGHUS   11.20140528
Qihoo 360 Security   Win32/Trojan.9cf        1.0.0.1015

File size:
717.3 KB (734,525 bytes)

Copyright:
KDWin

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:o1DYrZ1AC5A+TfWc4gMPfBhWks9lntw0N9/K0KKDPERJcNzr2QtJfRLxo0:odYLAw3WpgMPfqksrntww/KePEzE2mft

Entry address:
0x17DE0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 18, 7D, 41, 00, E8, F0, AA, FE, FF, B8, 40, 7E, 41, 00, E8, F6, 17, FF, FF, 8B, 15, AC, 86, 41, 00, 89, 02, 8B, 15, AC, 86, 41, 00, 8B, 12, A1, B0, 86, 41, 00, E8, 80, D5, FF, FF, 8B, 15, AC, 86, 41, 00, 8B, 12, A1, 50, 86, 41, 00, E8, 3A, 71, FF, FF, A1, AC, 86, 41, 00, E8, E8, 09, FF, FF, E8, 0B, 9B, FE, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
92 KB (94,208 bytes)

The file kdwin.exe has been seen being distributed by the following 41 URLs.

