kithgez.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.filehorse.com and multiple other hosts.

MD5: b3b121ccac92a71152d3aa6a783927d4
SHA-1: b51e3dcd8edaad1cb77550a9cfd6266c4925c630
SHA-256: 31c84f5d740eb7b497fcfd5e963123d0a1a94afe6edfd18cfc23b2d1234078fb
Scanner detections: 0 / 68
Status: Clean (as of last analysis)
Analysis date: 11/27/2024 1:10:54 PM UTC
File size: 1.3 MB (1,364,522 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\kithgez.exe

File PE Metadata

Compilation timestamp: 3/15/2010 7:28:07 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 24576:a382om3Cg/iDfPc/7tNETop2FmYaS0LtVOmvjkiSs9OfccyM4NQd4gOa:aXgTK7th2jaSYtgySWNI4gx
Entry address: 0x8C84

Entry point: E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 8A, 2A, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 7E, B8, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 24, BD, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 18, 02, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 1C, 02, 41, 00, 8D, 45, E4...
Code size: 57 KB (58,368 bytes)

The file kithgez.exe has been discovered within the following programs.

Adobe Photoshop 7.0  by Adobe Systems Incorporated
Adobe Photoshop is a graphics editing program. Photoshop files have default file extension as .PSD, which stands for "Photoshop Document." A PSD file stores an image with support for most imaging options available in Photoshop.
www.adobe.com/photoshop
6% remove it
WinRAR archiver  by win.rar GmbH
WinRAR archiver is a shareware file archiver that is able to create RAR archives natively.
www.rarlab.com
12% remove it
 
Powered by Should I Remove It?

The file kithgez.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 54 download URLs
