kmp_4.0.1.5.exe

Recode

The application kmp_4.0.1.5.exe by Recode has been detected as adware by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising It is also typically executed from the user's temporary directory.
Publisher:
Marvelous Lively Software Installer  (signed by Recode)

Product:
Marvelous Lively Software Installer

Version:
15.7.8.7188

MD5:
fe3c415a2159be8ca2b477ca08c51291

SHA-1:
b83c66a6f61e67980270e29d97120a189c702cac

SHA-256:
d06cec72d723f71f4e556d8318814aaa272f3fd5622d5fdb604bb574b3b4b58e

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
11/27/2024 1:53:39 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.DownloadAdmin
2015.10.29

avast!
Win32:Downloader-WDJ [PUP]
2014.9-151028

Baidu Antivirus
PUA.Win32.DownloadAdmin
4.0.3.151028

Dr.Web
Trojan.Vittalia.802
9.0.1.0301

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted (variant)
9.12480

G Data
Win32.Application.DownloadAdmin
15.10.25

K7 AntiVirus
Adware
13.212.17683

McAfee
Artemis!FE3C415A2159
5600.6598

Microsoft Security Essentials
SoftwareBundler:Win32/Dowadmin
1.1.12205.0

Panda Antivirus
Trj/Genetic.gen
15.10.28.11

Reason Heuristics
PUP.DownloadAdmin.Recode.Installer (M)
15.10.28.23

Sophos
Generic PUA LI (PUA)
4.98

VIPRE Antivirus
Trojan.Win32.Generic
44880

File size:
763.6 KB (781,936 bytes)

Product version:
15.7.8.7188

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\kmp_4.0.1.5.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2015 4:17:38 PM

Valid to:
10/13/2016 4:17:38 PM

Subject:
CN=Recode, O=Recode, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
35D367DFBD312E49

File PE Metadata
Compilation timestamp:
11/19/2014 2:07:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9lgL4WW4lH2Qebe7jVk31TIYx3DA6TtS3X7WNB/KIdWdNy2Ahb0I5FXy95eOCNbS:GsUHxebe7MFAL3XyBCAWdNyLhrbOCBSr

Entry address:
0x1F27E0

Entry point:
60, BE, 00, 70, 53, 00, 8D, BE, 00, A0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.9226

Packer / compiler:
UPX 2.90LZMA

Code size:
752 KB (770,048 bytes)

Remove kmp_4.0.1.5.exe - Powered by Reason Core Security