KPTOOLBAR.EXE

KPToolBar应用程序

Chongqing QuWan Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘KPToolBar’.
Publisher:
Chongqing QuWan Technology Co., Ltd.  (signed and verified)

Product:
KPToolBar应用程序

Description:
酷屏工具条

Version:
1, 0, 1, 5

MD5:
947e4f3b5e5e2ff9b843892a03c00f7f

SHA-1:
1d629a862814e6aa32abafa4f693b7c85725e797

SHA-256:
6872cea75035c1f1b85c9c1ee15ad4218704e48dd34a3cba3d54be51126a8dd7

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 7:50:12 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Weiduan.14
9.0.1.05190

File size:
803.4 KB (822,712 bytes)

Product version:
1, 0, 1, 5

Copyright:
话语科技版权所有 (C) 2014

Original file name:
KPTOOLBAR.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
2/18/2014 9:04:27 PM

Valid to:
2/18/2015 9:04:27 PM

Subject:
CN="Chongqing QuWan Technology Co., Ltd.", E=69650343@qq.com, O="Chongqing QuWan Technology Co., Ltd.", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
27E41047825795855F19CC7565E51E9E

File PE Metadata
Compilation timestamp:
5/15/2014 5:02:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x370AE

Entry point:
55, 8B, EC, 6A, FF, 68, 70, B9, 4A, 00, 68, 0C, 72, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A0, A5, 4A, 00, 59, 83, 0D, C8, 31, 4C, 00, FF, 83, 0D, CC, 31, 4C, 00, FF, FF, 15, 9C, A5, 4A, 00, 8B, 0D, 50, 21, 4C, 00, 89, 08, FF, 15, 98, A5, 4A, 00, 8B, 0D, 4C, 21, 4C, 00, 89, 08, A1, 94, A5, 4A, 00, 8B, 00, A3, C4, 31, 4C, 00, E8, 22, 01, 00, 00, 39, 1D, F0, F0, 4B, 00, 75, 0C, 68, 3C, 72, 43, 00, FF, 15, 90, A5...
 
[+]

Entropy:
6.4276

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
676 KB (692,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KPToolBar

Command:
C:\kptoolbar\kptoolbar.exe start


Scan KPTOOLBAR.EXE - Powered by Reason Core Security