kstn2mzg1.exe

BIG JOURNEY TECHNOLOGY LIMITED

The application kstn2mzg1.exe by BIG JOURNEY TECHNOLOGY LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
BIG JOURNEY TECHNOLOGY LIMITED  (signed and verified)

MD5:
7404269e91e0f2f54673709d80657f26

SHA-1:
b645b4b5f80d39a2d226adc52e25a710fd5a1311

SHA-256:
6dbaa6c71f18fde53f6b4a42e1293c586cdeec1dbe00a0a82d34700b1b550964

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 12:33:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.YesSearches (M)

Engine version:
16.10.12.7

File size:
408.7 KB (418,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kstn2mzg1.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/28/2016 7:38:45 PM

Valid to:
1/21/2017 9:56:27 AM

Subject:
CN=BIG JOURNEY TECHNOLOGY LIMITED, O=BIG JOURNEY TECHNOLOGY LIMITED, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
70D9FFB29C16C8102768B510

File PE Metadata
Compilation timestamp:
10/9/2016 5:41:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:6zzUfxRQMl279eIQTQnf1LrgpKjP5dQ9RhRT:bJKc2B4Tzp45GT

Entry address:
0x4E8B

Entry point:
E8, 61, F9, FF, FF, E9, 75, 75, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, C0, 31, 00, 00, C7, 06, 88, 06, 46, 00, 8B, C6, 5E, 5D, C2, 04, 00, CC, 56, 57, 68, 80, D2, 45, 00, FF, 15, 18, C1, 45, 00, 8B, 35, 04, C0, 45, 00, 8B, F8, 68, 9C, D2, 45, 00, 57, FF, D6, 33, 05, 00, 30, 46, 00, 68, A8, D2, 45, 00, 57, A3, C0, 99, 46, 00, FF, D6, 33, 05, 00, 30, 46, 00, 68, B0, D2, 45, 00, 57, A3, C4, 99, 46, 00, FF, D6, 33, 05, 00, 30, 46, 00, 68, BC, D2, 45, 00, 57, A3, C8, 99, 46, 00, FF, D6, 33, 05, 00, 30...

Entropy:
7.7974  (probably packed)

Code size:
361.5 KB (370,176 bytes)

Remove kstn2mzg1.exe - Powered by Reason Core Security