kinghax.exe

The executable kinghax.exe has been detected as malware by 33 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. The file has been seen being downloaded from fs10n4.sendspace.com.
MD5: 5e4bf81ae5419c3511aa8b4c01ac4a8d

SHA-1: c28d82c2aaec7e5c011fd88de180b9f2d64b889d

SHA-256: 86ad314d83f074ab1980066ec3bd334ece2c9ca46cf78494747508808338e7cd

Scanner detections: 33 / 68

Status: Malware

Analysis date: 11/24/2024 4:04:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Generic.MSIL.Bladabindi.B978D79E | 197 |
| AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+ |
| Arcabit | Generic.MSIL.Bladabindi.B978D79E | 1.0.0.741 |
| avast! | Win32:Malware-gen | 2014.9-160722 |
| AVG | MSIL | 2017.0.2675 |
| Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.16722 |
| Bitdefender | Generic.MSIL.Bladabindi.B978D79E | 1.0.20.1020 |
| Bkav FE | W32.Clodcc5.Trojan | 1.3.0.8108 |
| Clam AntiVirus | Win.Trojan.B-468 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 25438 |
| Dr.Web | Trojan.DownLoader21.65471 | 9.0.1.0204 |
| Emsisoft Anti-Malware | Generic.MSIL.Bladabindi.B978D79E | 8.16.07.22.10 |
| ESET NOD32 | MSIL/Bladabindi.AH (variant) | 10.13800 |
| Fortinet FortiGate | MSIL/Agent.PPV!tr | 7/22/2016 |
| F-Prot | W32/S-204d2e78 | v6.4.7.1.166 |
| G Data | Generic.MSIL.Bladabindi.B978D79E | 16.7.25 |
| IKARUS anti.virus | Trojan.Inject | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.233.20230 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-132 |
| Malwarebytes | Backdoor.Agent.P | v2016.07.22.10 |
| McAfee | Artemis!5E4BF81AE541 | 5600.6331 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12902.0 |
| MicroWorld eScan | Generic.MSIL.Bladabindi.B978D79E | 17.0.0.612 |
| NANO AntiVirus | Trojan.Win32.Autoruner.dbygjv | 1.0.38.8984 |
| nProtect | Generic.MSIL.Bladabindi.B978D79E | 16.07.13.01 |
| Panda Antivirus | Trj/CI.A | 16.07.22.10 |
| Qihoo 360 Security | HEUR/QVM06.2.0000.Malware.Gen | 1.0.0.1120 |
| Sophos | Mal/MSIL-QB | 4.98 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.22 |
| Vba32 AntiVirus | Trojan.MSIL.Zapchast | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50828 |
| ViRobot | Trojan.Win32.Z.Bladabindi.484383[h] | 2014.3.20.0 |
| Zillya! Antivirus | Worm.Bladabindi.Win32.3597 | 2.0.0.2956 |

File size: 473 KB (484,383 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\kinghax.exe

File PE Metadata
Compilation timestamp: 7/19/2015 4:56:05 AM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 12288:nxbni5bMRg1dUi6yYoUaQCyo8JEtKwKZy:ndnkMGx6yYor7yo8JEuy

Entry address: 0x1D98B

Entry point: E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 38, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 38, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 38, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 8E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Code size: 162.5 KB (166,400 bytes)

The file kinghax.exe has been seen being distributed by the following URL.

Remove kinghax.exe - Powered by Reason Core Security