home

kundli45.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from files.downv.com and multiple other hosts.
MD5:
4abdba897db8f2c85465bb02a64ef0d9

SHA-1:
3a5f6d6733a7f5de4a39f395be5f8869aba17784

SHA-256:
022fb0adbf411df00792ccd7375fd4fca07c1544cc6d289451d984453f00dffe

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/26/2024 11:18:11 PM UTC  (a few moments ago)

File size:
5.5 MB (5,721,764 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kundli45.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:EVl4WJyPM8QZ8xhB8G6TYKObn1GLAFIGzVgmqRaUPcpXwdAmOrRiKNFA9Ri:OSWcM8a8xhBWTVO6MCR5EXwdAmONfnAC

Entry address:
0xBF98

Entry point:
55, 8B, EC, 83, C4, B8, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, BC, 89, 45, B8, E8, B3, 70, FF, FF, E8, 1A, 85, FF, FF, E8, 25, A7, FF, FF, E8, 6C, A7, FF, FF, E8, 5B, A8, FF, FF, E8, E6, FA, FF, FF, BE, 24, FF, 40, 00, 33, C0, 55, 68, C8, C5, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 58, C5, 40, 00, 64, FF, 32, 64, 89, 22, 8D, 55, F0, 33, C0, E8, 87, F2, FF, FF, 8B, 55, F0, B8, 88, FC, 40, 00, E8, 6E, 71, FF, FF, 8B, 15, 88, FC, 40, 00, B8, 8C, FC, 40, 00, E8, 43, 7B, FF, FF, C6, 05, 33, F0, 40, 00...
 
[+]

Entropy:
7.9978

Developed / compiled with:
Microsoft Visual C++

Code size:
46 KB (47,104 bytes)

The file kundli45.exe has been seen being distributed by the following 21 URLs.

https://files.downv.com/get_download.php?id=101682398&time=1474508791&md5=36300e68a1589c52957877cedb9a6316

https://files.downv.com/get_download.php?id=100436543&time=1449539046&md5=fdbfa67f337dee63cb3f3578a04fe764

https://files.downv.com/get_download.php?id=101682398&time=1481706531&md5=d8244bcbecd304f6726277f46a694fdc

https://files.downv.com/get_download.php?id=100436543&time=1482591706&md5=ab01dd43e558d65a194fd7ae82a6f062

https://files.downv.com/get_download.php?id=101682398&time=1471591258&md5=65098df85e157991111823ecd0066929

https://files.downv.com/get_download.php?id=100436543&time=1478205374&md5=e6e0f58f3090637dfef51a42a8b073d6

http://www.currentupdateconcepts.com/Hs7g11zHJkJaM7NlmKLUnGH1xMjPydUWrxI4KeD2NKFNdfWDRuvHCTZPA4xGJzdsWaQof3jLJsdclYfcLJMVXgbTzUna8QRFjU3uGXdXJgzuyT8GiBBx8TQNgvON_7NP3TydaGqtYG01LfenGA71MP3WwgWOlX8Un7PntShKiXyW9SrmtgoEPmejKoNykc9ULNbKBjDn-Gx0AAMRtbE7nNhxF0ghsQQqRZRa5caA3Jv6VN6s53Zw8AA==

temp:Kundli45.exe

https://files.downv.com/get_download.php?id=100436543&time=1478423689&md5=44187700f0b43fa7dc9c0d0ccd099dbd

https://files.downv.com/get_download.php?id=100436543&time=1468876718&md5=2185ea656b524bc6f2ba956cdfa3d7cc

https://files.downv.com/get_download.php?id=100436543&time=1463309315&md5=d018b32defbb207715ac4066d9a5203a

http://www.downloadcollection.com/downloadredirect.php?idx=681225

http://freedownloadsapps.com/download_now.asp?d_fname=-undli-for-windows-pro-edition&fno=83115

http://kundli.soft32.com/goto/file/id/.../?iframe=true&width=420&height=200&no_download_manager=1

http://kundli.soft32.com/get/file/id/.../

https://files.downv.com/get_download.php?id=100436543&time=1457424139&md5=6c303b301e6d6db147c8f2e39dbc94de

http://www.sharewarejunction.com/get/dl/.../

http://www.czoneindia.com/.../Kundli45.exe

http://www.czoneindia.com/.../kundli40.exe

https://files.downv.com/get_download.php?id=100436543&time=1448966317&md5=3c9b85bb658717b53983fdbc1e7b44bd

http://kundli.soft32.com/get/file/id/.../?no_download_manager=true

Scan kundli45.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.