» KuGoo.exe
Overview
Analysis
File Details
Behaviors (1)

KuGoo.exe

Guangzhou KuGou Computer Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘KuGou’.

File name:

KuGoo.exe

Publisher:

酷狗音乐 (signed by Guangzhou KuGou Computer Technology Co., Ltd.)

Product:

酷狗音乐

Description:

酷狗音乐2010

Version:

6.1.2.194

MD5:

26832bf51c945a95d961f71bfc436138

SHA-1:

24b711a2d5d261c33f2beeafa78fee74be1c1124

SHA-256:

1c3407e815f3466f6c35c6a278118ec69f7e3a0c25d1a7101e9896f1aa0a4b54

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 3:29:56 PM UTC (today)

File size:

4.1 MB (4,334,904 bytes)

Product version:

6.1

酷狗音乐

Original file name:

KuGoo.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\kugou\kugou2010\kugoo.exe

Digital Signature

Signed by:

Guangzhou KuGou Computer Technology Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

4/21/2009 8:00:00 AM

Valid to:

4/22/2011 7:59:59 AM

Subject:

CN="Guangzhou KuGou Computer Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou KuGou Computer Technology Co., Ltd.", L=Guangzhou, S=Guangdong, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3CDFFB8B3AA12C5336AC2AB3F5407FAA

File PE Metadata

Compilation timestamp:

11/20/2009 10:32:07 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x327A48

Entry point:

55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, 04, 34, 72, 00, E8, 30, 02, CE, FF, 33, C0, 55, 68, FC, 7D, 72, 00, 64, FF, 30, 64, 89, 20, E8, 55, 47, FB, FF, 84, C0, 0F, 85, 6B, 03, 00, 00, E8, C8, 46, FB, FF, 84, C0, 74, 0A, E8, 57, 3E, FF, FF, E9, 58, 03, 00, 00, 68, 0C, 7E, 72, 00, E8, 78, 12, CE, FF, 8B, 15, EC, 84, 74, 00, 89, 02, 68, 0C, 7E, 72, 00, 6A, 00, 6A, 00, E8, 62, 05, CE, FF, 8B, 15, 48, 81, 74, 00, 89, 02, 68, 24, 7E, 72, 00, 6A, 00, 6A, 00, E8, 4C, 05, CE, FF, 8B, 15, 38, 84... 
[+]

Entropy:

6.6090

Developed / compiled with:

Microsoft Visual C++

Code size:

3.1 MB (3,301,888 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

KuGou

Command:

C:\Program Files\kugou\kugou2010\kugoo.exe min

Scan KuGoo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.