home

king1.exe

king1

The application king1.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from www.exeupp.com.
Product:
king1

Version:
1.0.0.0

MD5:
fd5ef8a03b2eac558121c375f133350e

SHA-1:
90bba37fae1a9f172a8a0c76a1f34e75abc9d57f

SHA-256:
6cc8527186b170b82f41f7eefba10849bab77ecb60b531b32b653ac8c7b5f086

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2025 8:37:37 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.MSIL.216034
8.3.2.2

avast!
Win32:Malware-gen
2014.9-160530

AVG
Atros2
2017.0.2727

Baidu Antivirus
Adware.MSIL.iBryte
4.0.3.16530

ESET NOD32
MSIL/Kryptik.BHP (variant)
10.12482

IKARUS anti.virus
Trojan.MSIL.Crypt
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17685

Kaspersky
Trojan.Win32.Fsysna
14.0.0.132

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi
1.1.12205.0

NANO AntiVirus
Trojan.Win32.Kryptik.dygnmv
0.30.26.3947

Panda Antivirus
Trj/CI.A
16.05.30.02

File size:
69.5 KB (71,168 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
king1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\king1.exe

File PE Metadata
Compilation timestamp:
10/24/2015 10:58:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:o8XhtIQAv4bm51yeOQ9oXLMu8uUo1ZNZZIal+Fh9OhBa:o8XXIQAv4bw1yeO+oXLMu8dSZ/ZIdFPv

Entry address:
0xFA8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.0812

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
55 KB (56,320 bytes)

The file king1.exe has been seen being distributed by the following URL.

http://www.exeupp.com//.../9a0ddbb.exe

Remove king1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.