kmspico10.0.9__8174_il4189.exe

Vega Stp

NMK

The application kmspico10.0.9__8174_il4189.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site and multiple other hosts.
Publisher:
NMK

Product:
Vega Stp

Description:
smart install

Version:
122.249.241.42

MD5:
2c708134c1b445fdf763e8ed72697eb4

SHA-1:
758a7de8ba4b859d38b085c5afedd4cd48989dd0

SHA-256:
1165471a509f66d76fc86d317cd53ea38cd64c34ed4fc2da905ecd3a5a6fb36b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 5:33:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.NMK.Installer.Meta (M)

Engine version:
16.5.12.14

File size:
1.2 MB (1,234,432 bytes)

Product version:
122.249.241.42

Copyright:
CR 2015

Trademarks:
Trd Mark

Original file name:
tinyinstall.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\kmspico10.0.9__8174_il4189.exe

File PE Metadata
Compilation timestamp:
5/12/2016 8:00:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:lqt6vF0Vbk2lLHOiJCeaKlcM5ZYZoztZoP8l5L8XikbrWqUeqHQc9FepfTr:9vF0VCM5GskgWeqUelc9FeZ

Entry address:
0x4BD9

Entry point:
E8, 88, 27, 00, 00, E9, 75, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, E3, 40, 00, C6, 46, 08, 00, FF, 30, E8, C9, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, FF, 15, C8, D0, 40, 00, E9, 9A, 27, 00, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 4C, E3, 40, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, FF, 15, 14, D1, 40, 00, E9, F8, 28, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, E3, 40, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D...
 

Entropy:
6.8315

Code size:
46.5 KB (47,616 bytes)

The file kmspico10.0.9__8174_il4189.exe has been seen being distributed by the following 3 URLs.
