kpzip.exe

The application kpzip.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from down.hejie123.com. While running, it connects to the Internet address hn.kd.ny.adsl on port 80 using the HTTP protocol.
MD5:
799177577b1460c98d24b6a1403b7186

SHA-1:
6b4d1c33c7650c29f7ee486d4cfc857f776800fe

SHA-256:
f86085273f0841d683e29b0d650e818181e5498c832f739081c3804a586248d9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:41:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebOptimum (M)

Engine version:
16.12.12.8

File size:
1.6 MB (1,669,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kpzip.exe

File PE Metadata
Compilation timestamp:
12/12/2016 3:31:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xC6ED2

Entry point:
E8, DB, DC, 00, 00, E9, 7B, FE, FF, FF, 3B, 0D, 4C, 19, 58, 00, 75, 02, F3, C3, E9, DA, 12, 00, 00, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 90, AB, 58, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, C0, 19, 58, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 90, AB, 58, 00, 00, 0F, 83, A7, 01...

Code size:
1.3 MB (1,316,352 bytes)

The file kpzip.exe has been seen being distributed by the following URL.

http://down.hejie123.com/.../kpzip.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hn.kd.ny.adsl (42.236.125.11:80)

Powered by Reason Core Security