kin_kon_updating_service.exe

The executable kin_kon_updating_service.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
MD5:
af8bd43098d6a8be32dbb50fa35d5956

SHA-1:
d4e7914082c10900413d5b7404f0036c774af58b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 10:31:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.7.1.18

File size:
173 KB (177,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\kin kon\kin_kon_updating_service.exe

File PE Metadata
Compilation timestamp:
4/1/2015 4:48:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:zSfwJqJTeRy0YXpuBkHkuJvO6y8e7SG6OdV3dEe6DAiFsZNafah0iK9KXx699Vv:zSfwEaE0UuBupyrDBdddMDBizWah039D

Entry address:
0x39CD0

Entry point:
60, 8A, F6, 0F, B6, F7, 68, EB, 28, A9, 00, 55, 32, DA, 84, E5, 8D, 2D, C2, 29, 34, F2, EB, 0A, C6, C3, CC, F3, F7, C1, E3, 50, D3, C6, 69, FF, C7, 90, D9, B6, 86, E3, 69, C2, 2F, 5E, DB, B8, 70, 0A, 0B, EA, 8D, 3D, A5, 69, A4, B0, 20, C2, 0A, CC, E8, 86, 00, 00, 00, 0F, BF, F1, 4F, 87, D6, EB, 07, 29, D2, BF, F9, FE, 32, 1E, 51, 8B, D9, FF, C1, 5D, 2A, CA, 3D, 33, 92, E8, D6, C6, C5, 8B, 2B, ED, 86, E1, C6, C4, DE, 8B, D2, 8B, CA, F6, C6, 8B, 0F, AF, DF, 72, 0E, C7, C7, 83, 85, 33, FF, 85, D9, 81, C8, 66...
 

Code size:
92 KB (94,208 bytes)

Scheduled Task
Task name:
kin_kon_updating_service

Path:
C:\WINDOWS\Tasks\kin_kon_updating_service.job

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

