kehavred.exe

Zombie News

Time Lapse Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application kehavred.exe, “ZombieNews Service” by Time Lapse Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “KEhaVReD”. This file is typically installed with the program Zombie News by Time Lapse Solutions which is a potentially unwanted software program.
Publisher:
Time Lapse Solutions  (signed and verified)

Product:
Zombie News

Description:
ZombieNews Service

Version:
1.0.0.0

MD5:
eae3936b4fc5353781ee71ce713395d9

SHA-1:
0337e167b53ec3aad5244412a8bf7832cb062fc2

SHA-256:
ea255727320eb4662119b688fc61395d81d74d5092e0a2523a19c998cfee5ae2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:00:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.2.25.19

File size:
2.2 MB (2,318,192 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Time Lapse Solutions 2014

Original file name:
ZombieNewsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\qikffgb\kehavred.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/25/2014 3:30:00 AM

Valid to:
3/26/2015 4:29:59 AM

Subject:
CN=Time Lapse Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Time Lapse Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E2D648A5233B2106CC4A2A6BE9F33FA

File PE Metadata
Compilation timestamp:
10/10/2014 6:28:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x235BAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9995

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,309,120 bytes)

Service
Display name:
KEhaVReD

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


The file kehavred.exe has been discovered within the following program.

Zombie News  by Time Lapse Solutions
Zombie News (Injekt) is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are both injected in white space areas of the HTML page or over existing ads of the underlying web site.
83% remove it
 
Powered by Should I Remove It?

Remove kehavred.exe - Powered by Reason Core Security