home

ksbrowser_12306_r3.exe

猎 豹 浏 览 器

Kingsoft Security Co.,Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from dlc2.pconline.com.cn.
Publisher:
Kingsoft Corporation  (signed by Kingsoft Security Co.,Ltd)

Product:
猎 豹 浏 览 器

Description:
猎豹安全浏览器安装程序

Version:
5.1.73.9168

MD5:
d1034278e1a5db75ebd6b1d20d570306

SHA-1:
ee0e6bcb311c5d96870fe974072097c93a383d57

SHA-256:
2418dcd4a27ff526da1c539282fd3a70436f563d0744617ddd4d911ecd8740a0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:27:18 AM UTC  (today)

File size:
49.5 MB (51,925,072 bytes)

Product version:
5.1.73.9168

Copyright:
Copyright (C) 2013 Kingsoft Corporation

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ksbrowser_12306_r3.exe

Digital Signature
Signed by:
Kingsoft Security Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
3/7/2013 8:00:00 AM

Valid to:
4/6/2016 7:59:59 AM

Subject:
CN="Kingsoft Security Co.,Ltd", OU=毒霸研发部, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Kingsoft Security Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
554151E0CFFA2C951307AE6087C28052

File PE Metadata
OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1572864:erTbGwfmx1SWtKHhl4Obn2Tv74cwSqcHYA0:qTbGw+HSWtKHhl4w2TMcwSqTA0

Entry address:
0xAA8D2

Entry point:
E8, 46, 14, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 50, 39, 50, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, DA, B0, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, CA, C0, FF, FF, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
7.9862  (probably packed)

Code size:
837.5 KB (857,600 bytes)

The file ksbrowser_12306_r3.exe has been seen being distributed by the following URL.

http://dlc2.pconline.com.cn/filedown_172233_6965647/.../KSBrowser_12306_r3.exe

Scan ksbrowser_12306_r3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.