kingtranslatesetup.exe

KingTranslate

Koyote-Lab Inc.

The application kingtranslatesetup.exe, “KingTranslate Install” by Koyote-Lab, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from download.cdn.kingtranslate.com and multiple other hosts.
Publisher:
Bandoo Media Inc (signed by Koyote-Lab Inc.)

Product:
KingTranslate

Description:
KingTranslate Install

Version:
1.0.0.0

MD5:
8edcefcd13745592bb1ed49634dad2ad

SHA-1:
f24faca2f5b843d3ecbdda4af5ff0c61e665f02a

SHA-256:
921c6e23f4fea92bc1c0e50dc1a9e860ddc95aec52bb94589788d0a1ac1a42c8

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 1:46:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Searcher.2497 | 9.0.1.084 |
| ESET NOD32 | Win32/Toolbar.SearchSuite | 8.8606 |
| Reason Heuristics | PUP.Installer.KoyoteLab.S | 14.3.25.11 |
| Trend Micro House Call | TROJ_GEN.F47V0330 | 7.2.84 |

File size:
820.7 KB (840,440 bytes)

Product version:
1.0.0.625

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kingtranslatesetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2012 1:00:00 AM

Valid to:
2/22/2014 12:59:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:x0alXh7lPiDR1s0JEIA6OyvB3QLnp6eF6K:xt7Fid1nXAVyvBI56K

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file kingtranslatesetup.exe has been seen being distributed by the following 2 URLs.
