home

kxetray.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘kxesc’.
Publisher:
Kingsoft Corporation  (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
金山毒霸

Version:
2016,01,13,15164

MD5:
737c0cfcd83a1975ee64e3ee1de64923

SHA-1:
cfd6c04c9eefa79f981b1e2b613eb5aa27614e19

SHA-256:
1e2418a4c7ebb71b40b4ac1922849c5d427541f8cdfd2576ec1d30c2febc3b20

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 10:26:40 AM UTC  (today)

File size:
1.5 MB (1,622,984 bytes)

Product version:
9,3,265420,15164

Copyright:
Copyright (C) 1998-2016 Kingsoft Corporation

Original file name:
kxetray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe

Digital Signature
Signed by:
Beijing Kingsoft Security software Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
12/22/2015 8:00:00 AM

Valid to:
2/20/2017 7:59:59 AM

Subject:
CN="Beijing Kingsoft Security software Co.,Ltd", OU=IT, O="Beijing Kingsoft Security software Co.,Ltd", L=BeiJing, S=BeiJing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6AA73BC73180A3CF0701B4C1E689D93A

File PE Metadata
Compilation timestamp:
1/13/2016 5:33:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:CEPxXAPGDA3oZldhFifrFW6m6glbpCTCLYv3qT9vUXswrchc2cccccpcccccccc+:C4VqGDA3kzDeNOlCTCLYv3qhUcP

Entry address:
0xECE45

Entry point:
E8, AA, 03, 00, 00, E9, 36, FD, FF, FF, CC, 68, A9, CE, 4E, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 28, 50, 56, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, CC, CE, 4E, 00, 68, 28, 50, 56, 00, E8, C0...
 
[+]

Entropy:
6.1458

Code size:
977 KB (1,000,448 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
kxesc

Command:
"C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun


Scan kxetray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.