KPTOOLBAR.EXE

KPToolBar应用程序 (KPToolBar application)

Chongqing QuWan Technology Co., Ltd.

It is set to execute automatically when any user logs into Windows, through the local machine Run registry key, under the value name ‘KPToolBar’.

Publisher:
Chongqing QuWan Technology Co., Ltd.  (signed and verified)

Product:
KPToolBar应用程序 (KPToolBar application)

Description:
酷屏工具条 (Kuping toolbar)

Version:
1, 0, 1, 5

MD5:
947e4f3b5e5e2ff9b843892a03c00f7f

SHA-1:
1d629a862814e6aa32abafa4f693b7c85725e797

SHA-256:
6872cea75035c1f1b85c9c1ee15ad4218704e48dd34a3cba3d54be51126a8dd7

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 3:18:33 PM UTC

Scan engine:
Dr.Web

Detection:
Adware.Weiduan.14

Engine version:
9.0.1.05190

File size:
803.4 KB (822,712 bytes)

Product version:
1, 0, 1, 5

Copyright:
话语科技版权所有 (C) 2014 (Copyright (C) 2014 话语科技)

Original file name:
KPTOOLBAR.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
2/18/2014 9:04:27 PM

Valid to:
2/18/2015 9:04:27 PM

Subject:
CN="Chongqing QuWan Technology Co., Ltd.", E=69650343@qq.com, O="Chongqing QuWan Technology Co., Ltd.", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
27E41047825795855F19CC7565E51E9E

File PE Metadata
Compilation timestamp:
5/15/2014 5:02:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x370AE

Entry point:
55, 8B, EC, 6A, FF, 68, 70, B9, 4A, 00, 68, 0C, 72, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A0, A5, 4A, 00, 59, 83, 0D, C8, 31, 4C, 00, FF, 83, 0D, CC, 31, 4C, 00, FF, FF, 15, 9C, A5, 4A, 00, 8B, 0D, 50, 21, 4C, 00, 89, 08, FF, 15, 98, A5, 4A, 00, 8B, 0D, 4C, 21, 4C, 00, 89, 08, A1, 94, A5, 4A, 00, 8B, 00, A3, C4, 31, 4C, 00, E8, 22, 01, 00, 00, 39, 1D, F0, F0, 4B, 00, 75, 0C, 68, 3C, 72, 43, 00, FF, 15, 90, A5...
 
Entropy:
6.4276

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
676 KB (692,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KPToolBar

Command:
C:\kptoolbar\kptoolbar.exe start

