home

_kw2pdf.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ekw.y0.pl.
Description:
KW2PDF

Version:
1.9.0.0

MD5:
b534a713d5b440ab8a603fd2608ffb3d

SHA-1:
06d7f5953735bae684d7119c206ebb49f8e99069

SHA-256:
3f6b3093b66e25fe4f037e20a87afba2aa2a6520293222fcf05da3953050bdc8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 1:50:52 AM UTC  (today)

File size:
2.5 MB (2,643,456 bytes)

Product version:
1.9.0.0

Original file name:
KW2PDF.exe

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

File PE Metadata
Compilation timestamp:
3/5/2016 12:46:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:QC/kg1u4s7gORGF4I9ZdZoJPMo37HcDdtYvOFv6ghVYhgJdza:QAkg1u4ari4I9ZzotMo3KdGkXhooG

Entry address:
0xEFE030

Entry point:
60, BE, 00, 80, 08, 01, 8D, BE, 00, 90, 37, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7F, C7, EF, 00, 57, 83, C3, 04, 53, 68, 23, 60, 27, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9948  (probably packed)

Code size:
2.5 MB (2,584,576 bytes)

The file _kw2pdf.exe has been seen being distributed by the following URL.

http://ekw.y0.pl/.../KW2PDF.exe

Scan _kw2pdf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.