» kmd.exe
Overview
Analysis
File Details
Downloads (28)
Network (1)

kmd.exe

Kazaa Installer

Sharman Networks Ltd

The application kmd.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts. While running, it connects to the Internet address proxy.herokuapp.com on port 80 using the HTTP protocol.

File name:

kmd.exe

Publisher:

Sharman Networks Ltd

Product:

Kazaa Installer

Version:

1.0.0.3

MD5:

ec71942212f7ba28ef39d0a534bdcb53

SHA-1:

ed7032c5b1c955e27eea60f9d9244e376b7879b0

SHA-256:

ca7f844f8064b9e1bd3f016de3e6b4f7ceada58e8d82a263636654afcd3e69f5

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 9:28:00 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Kazaa

4.0.3.151218

ESET NOD32

Win32/Adware.Kazaa (variant)

9.12029

Rising Antivirus

PE:Trojan.Win32.Generic.15A670ED!363229421

23.00.65.151216

Total Defense

Win32/P2P.Kazaa

37.1.62.1

File size:

752 KB (770,048 bytes)

Product version:

1.0.0.3

Trademarks:

Kazaa

Original file name:

Cloudloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\kmd.exe

File PE Metadata

Compilation timestamp:

1/16/2006 7:50:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.0

CTPH (ssdeep):

12288:SsUtWob/GyOII9Tid9wJDKUrhDs4SaeP4fIuJezvIX:SsYbuxPTiQoU1DFxePhT

Entry address:

0x1EF65

Entry point:

6A, 60, 68, A0, 45, 44, 00, E8, 43, FF, FF, FF, BF, 94, 00, 00, 00, 8B, C7, E8, A3, FA, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 1C, F3, 43, 00, 8B, 4E, 10, 89, 0D, 38, 35, 45, 00, 8B, 46, 04, A3, 44, 35, 45, 00, 8B, 56, 08, 89, 15, 48, 35, 45, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, 35, 45, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, 35, 45, 00, C1, E0, 08, 03, C2, A3, 40, 35, 45, 00, 33, F6, 56, 8B, 3D, 2C, F2, 43, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Entropy:

7.0311

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

248 KB (253,952 bytes)

The file kmd.exe has been seen being distributed by the following 28 URLs.

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1478210118&Signature=gv6sc6okn-XxqD-tXP~rzedD8GKUCcdfvlSJiOCNN0iTFAYQxZFpFfJZ7zjovNYeBZWcm-pwex7n2V6wHEXE2Soz7903O-LKKM0yT2xcCSIwUQlbOI9mM5o0HgrPedFJJ5sebfXJ9EyVZX4PodpjprqtdHFmQbp0YezCo6lFXU0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1448415069&Signature=V8NNXgNYOPhxxGNAFgIrDRF2cLozGFVWXrIGRGN7iPcc9xOlfniE5mU6n2F7shvpR1f7XtGpNjyg63IZhpnFPhl9Qi0O~yMF9lfv96Q~eXypVQ2tZGDVEBeryVr~Zt-lkT6EuHCCot4rFd5B2M5o~PyWeusFZAR9b-mLf1Ql8tk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1477817568&Signature=KZK18vHt9ZNEmPZXelwZvdMrT-mCDFCLpBeJjdZ11S1ChoV~calRY2JPkMMSOKRcPtli1IFkoVePta111zkig6iAVIktFlhexa48wxtXp1PHCDGDW0rLbulqAWlv8rcTFPOjhcmZ5KqzJfvJGRgtPm3uuRtSHytwrd1H4FB6gtE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1446095296&Signature=eILDsMzyTZLJZd9GMv-yoKZQ96bHIiulIT6KGl0SvJrGRitgfuvd623-cabLzaJrervgqbg-4rroV35xP1B~2CHqgLoQ8hXAawYhS2X90g4-5rLPzuxNfeRCID35XxC2SlbQk4QoX9sQ2vo3dA2g8iERxeSa8X7DoqGr1tXYVpM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1481662435&Signature=apYI1nlg52J9MTUGJUu~ia~MA7c4lEpe3efwNKCQO1E-XvbGRMYFlMVDXDWBEav5Wj~kbv5IecSmds~crEXO6l8O66S2Zeyzy6EW2eO4X5y3m3RweU8DahCU-4XflwLhWqyELRKnPZnAj7KeJ3QAx5qe9hAUaNVliuCOIx3Ve2c_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1478035062&Signature=XQzaPzTx-rFcbXoSRFX5Fs0tpIy~89s-7IbYvWhRVibRoCJm3oNtvT~RFzgTQTvTT4cRJVaZAPfVIrpaAQ~ksm7P~YNvyfu7OPjZdEJKJVOvUq8nHxRzHKGJUkj13R0TGBopSpL834Cei8s6BoGkmJTrxxGN-thVg4U6xBZ2mRc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1479521954&Signature=Ey6pV2YVVgUUzxdKffgXypDwqAUwNmJL~YVWnp7re60oPc9qGbx1W3dpRnJ4hl0AnY0tSfZDmHzAyKjWQM4qr1czYxtPEMGlxGPAdDZ3N65jlKFGQJ1C5kANBNnbAo9IQgWVZfBRkalCihvvJ5K97Rc-QizgPg4gAl9mY2sedXk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1462856296&Signature=Ivm5aPzGFYjHOUB-jUJkApf6vO4H7lqgTb32h5Yel8dQH-6oPYmAxrjdUbpEQuY1xc1Ws8MJlujXi7yqW2I0yf9Dwheai9fKGA5MXqy-jGUYR1RuYdNv2vZTfs4Xbh8-B8qPhvvYCgEsUUDRhTqiFq97jUGz8~d73zWsehLyCn0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1477048692&Signature=TUfEQEscuqv9niU8ZPSVqk5AGWfFpujpXNkiifOQ0ZhPVgyeZ2fuWc86wKz3onnes6YsCMAxuAsweXAKJ14yQ8vqu0dXVyO5v5K9-0ulJl~7HH~kZK~fbkfb4mdfGMwP-U~1cnxNVYc2trHOSvnsR9V-NgyStPIkCpn2Oklmmp0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1476004714&Signature=ffe5VNn6BOHy0ecjAmWgU~I~5c4dDiKOknYm-K6m5FY9aiLnJuibXr~z-JgYlFS16kr0UAgkZbqVW~9GyvAkOVptt6GG8DyHJ6Y5T8~iGk-9PDUHKfYvrlc98oxXszFZ1ijHrz-YifJbl~7I18swqH74u47TlNMvt5iDsC9n9bc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1473606966&Signature=VyAEYis0fvZslLJ5Mjp8S8G3H8l99rK9PML8yl20bE7j8~cd2JFWWIkOQCDNiLdmNg2OmBuTl8h6IRMv2V0mbZcfWFwyW4X~aiNrlUV8a9P4q4i8jGyprlQ2NV72jVMoYwLYaK~8fvf3Z3nm5faiMRtRc9BgbC1UMPLtyr45l64_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1469006923&Signature=XFwFNvuLNbT2oE~pFEtogZxsCYjQFrdNtEDeeSWuxr5uOf3jz8DEpQZ616suQ5R07l-ywvpj7IPFt3ONY-xMeCnagx2Xh~3Ib~Ax9iNKcjo8Hqi7QBKI9IBrbNwzopJu92waxxSJgU0BsHHlG8wdhwTPCvHaHuZniuukhAq~EgU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1468163723&Signature=BM~cLtmhTMIAy2UYFMhPLutmpE4npQD25MByEpLSJzBv6pfGlLcRsuzzq6hJW9kyTWG9Gad2EX2ZHiy0wjyljze9A9npDBtQXQMxk~QtvPntkedTdQUx-6hdPj-VgDWeLpvFlLLlRi-SW0s1GVv-Jzy3yrlzeyUevmnwBWA43DU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1462686715&Signature=RnMcEoSWlwGPS2gLyWCjdR-ymKCcPbDpVxAEpPe1tN0nTtALDLyLNaxAnVbDXTF03lMsjZf4Vt4pvyr7WNHPlOE8X2ToMHV-A7uxqaMqezg~JSFtyNg9QK~dLE1~1Brs-nEBB3NU8WG7~GzhBXiEFfffkwWm9pBCmVwN2pI~2f4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1447213898&Signature=LSC27g2XropeoZVkg91TH8rf9THs8bkH8YeAi7aHrZKp08Dn9QZS26dJqvSMOcEtVQtOEhWrJgwCGNphdL~pXwo2MkgeMuIKi37-WJD1h36DEtciTGq4Y5W21GmliVCvCFHUbYevyJDesjWbBufN6TRsGmMvqgx~SpHmk4EYgek_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1438870821&Signature=f5EMUl5YDgLL9p1N4GK9Ztgm8q9mrPzUE3ONPOwUl7WaCnPHp-2fjUGwQp-hO8rKbYUObuMPmJ7EI0tz4ziFPMgGcXqhLw7r3AsktykL54puSNY2UrGf8CM~gv~hykjqtvoLkKywfcT~z3iLolDeFAi1l3wPSh42Vj7QHQXmz2U_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1466559887&Signature=SOM6asleSr97Dq2k9PghSmvMP8RaInnBMF2YA3inPxdfZTj3RXQdMWUx4muQN~-9tsEhBpKnmNXU5L81c7a3GGJKa4UsTpxWO0Ty-7qYkZxj9CYaEKViD623Gwhxn3xGR8pzzlxc1qNGSICBqXvL0ywbKcujJk9Cr3w53pChcYQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1463462014&Signature=ZXLg3QPwuuvbFKCSdju9yo7W5eogqlf6sM4HCM3cVwhFYC7Kyf5yvnCISg2HFf2dU9fDTmad7wXw9WfBPg52toTqX5MG0myvZThod4JXkmvZMHsHH0ddtt47718Nkfx5zfSgVIdpSlO-1Mk2A16PcHxw-8qFgQ5tx~37LCzuw8A_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1463368121&Signature=hH1IE~uRf2BfKT-x0edh8tZ5zJp0c-AEd09kUQ4NYuEFGdB9qisCFAVegxVTIg1v9axDb7clyOLEZUHBYpcpXVCHFa67pfrX-F7CSGIv0CrJyYP53Lz~7vsd4NuThKX93C806dFJYFr6q3UCBc-eb6jy-ckIOX60Na4JeimbdG4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1457765665&Signature=dmfS8Vh2gH02Un7PdNJoZOohGgGtqDxtVReZyc-gKCeUkLezp3Gbrb8mIljQJNkNWSFm6T2ZJKOaX8MciyfHoJYfgS9~sdOUdJfIhsfYqHtZbhEjtY6CAnHXjayf61NJUNc2rh~tthhBCJKptrqabVBq5oNp5HPCq4diuTOYtCg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1462015149&Signature=InLtes0~H0WFGFZZSobkGax6OyR3mo4mNtVTTiUq9pwha9UI~axVdFJe7VRwrREzQH211Zww1gPWpmI6hfk9GlCqOMc0NSucTvns8ETVmMW2qAC97UAQw~j9N8iU-xFAP8quWfDekFwke1r3yvqbyrmxdMYyjZRxqQ64JFVvyow_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1459577621&Signature=WDQljSTpdwUfPaWqKtaWQ293SZJQc6R2byg7eILPITIZAWClj7sbKUeuVKeJNUTSxfYaRNtDbUpODen9reWbXlf19kKuhB1XWmrzx5oRZgRxufxvC1DBLg6UGvtgXZLXbH1L0v8lNLlJOdf3DFoygD8bLI-uoZQATsqWc3PsAqE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1446808957&Signature=aCV~LaBV-4I0~GwVysknJJH6g5LbjeZuTFvFrccJ0-u77JBGFxsoJA2LqafbhhjPz7zsz5IYb3xO8OUvi12svmsPtn8AZQYBhDZT4XWGIbjPlpZBGM9cjHlz8uL0PbCyZRLwZ5VnE3B1URzn~jDNQ5DcKwRxU5-YAy~mj~XslEQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1457420706&Signature=ZA26IYuH~az5Rz4iUGX7Pqw7jDVHXzM~jqgYh7hckNy9LmDfb3TCe23OgmzoDFbYllinNZdU17rg8z4FGQ50vC3wFXWzkn2GiqG3zd-AAVZmXztSdRKKNBCoSE3Ht42z3cvUPq0OnjPtG9Q47JQVXhtW-YeDLzSJCC3WCCPfAvo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1436263919&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=X3rC40kVPT3EYEJSwZdvntTGtoYEGWVZsDz7QUOGwqstCXCNqd-0Os0sPOY1hzEqWaFbbZDyXafAG7BH563wR~6fZfiGyWSjdlq8Tzmggjp4yZG~yFi4Dk-Pp0bgFC9jmHf1jLXVnURP0miBR9HcWBzzkISAH8v~2BUgpSKzytA_&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1453584946&Signature=dcl~lU4bBMbRuOjr41L5ZAmLBNsMqVm-TH9wOFKowb7ZkuhaEEm4YuARAsuGiVJqGjGjwcr-bhuOVGVLQ8hRRl0A6WTPjzcIjYohLwagYLQ8vzv6qr8MV7vLSE-ShM~BhzjQ4floC7AabvneXNSFesW3JDwi8Rwrqwx-zfiNPH8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1450618748&Signature=VLWHZ1MlbxudVNMcfhs3vTPMeIUaERSmWcr8RUJweF11vbI90RHNG6PBgd9qIW7UHYGVgnesayzNqiTsStvSRv-sbtQgoj5-4pNakqF6E8g9AZIwSsMn9JJyk5OY9mMPsR9Uia9EvOM4yIRvc9MCX0AywWgSq1TkURP4oKv8GNs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

http://gsf-cf.softonic.com/ed7/032/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14190&instance=softonic_es&type=PROGRAM&Expires=1452436460&Signature=LR2vEtCbj7~0UKr0z2TNfUQTVXp6Cf41LwEmYybFxnn~8SCml6ezb-CZ3N6dDUJvZnNnQPf2cY0LgN2EKXBZf4RSxYwqpbDF-olcIWaaX8SBj3-mcHyWgagZfumlF5jlpUGG3KvnxpBF7P4geeaEV1198FoYVb0eM9Jc2BqNgWM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=kmd.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to proxy.herokuapp.com (75.101.163.44:80)

Remove kmd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.