home

kungfu.exe

The executable kungfu.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address lb-212-247.above.com on port 80 using the HTTP protocol.
MD5:
0f38ca5ed418e8f23edb22a5564d9940

SHA-1:
dd066ba1c9474d82f430631e8e49fe5bfc5a48d5

SHA-256:
6e8251ad9c0ee4426bab997cd446d6fb0cf891351513306db23daf98c609873e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 3:32:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.23.17

File size:
328 KB (335,872 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/9/2000 6:09:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Dk1fDX2pOeMDjRSk2OC9Y/GHn2pc6aDzzOcH2hOdV3UZ3qvVc0Uzqj:wBDGAhSk2OuXHKc6aDHOgX33g6TYC

Entry address:
0x351C

Entry point:
55, 8B, EC, 6A, FF, 68, B8, 60, 40, 00, 68, 0C, 49, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 44, 60, 40, 00, 33, D2, 8A, D4, 89, 15, 30, 77, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 2C, 77, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 28, 77, 40, 00, C1, E8, 10, A3, 24, 77, 40, 00, 33, F6, 56, E8, E0, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, D9, 10, 00, 00, FF, 15, 40, 60, 40, 00, A3, 34, 7C, 40, 00, E8...
 
[+]

Entropy:
7.8977

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb-212-247.above.com  (103.224.212.247:80)

Remove kungfu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.