» MK.exe
Overview
Analysis
File Details
Behaviors (1)

MK.exe

Beijing Stone Age Network Technology Limited Company

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MKLOL’.

File name:

MK.exe

Publisher:

MK (signed by Beijing Stone Age Network Technology Limited Company)

Product:

Description:

MK Main Exec

Version:

1.0.0.280

MD5:

d1dfbe08fd528bca9cc486d86d10a052

SHA-1:

98a870ec9a005ca2fdec09bd96366da5f05c834e

SHA-256:

80360a6e5ca9db1d0487c0ab49f21de2a615ecbc90c30fa73ab179b64e57fb9c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 7:43:01 AM UTC (today)

File size:

1.1 MB (1,107,144 bytes)

Product version:

1.0.0.280

MK,Copy Right.

Original file name:

MK.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\mkjogo\mklol\mk.exe

Digital Signature

Signed by:

Beijing Stone Age Network Technology Limited Company

Authority:

VeriSign, Inc.

Valid from:

5/15/2013 3:00:00 AM

Valid to:

5/15/2016 2:59:59 AM

Subject:

CN=Beijing Stone Age Network Technology Limited Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing Stone Age Network Technology Limited Company, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7F38F0C7294B210E0E6052AA319C3D00

File PE Metadata

Compilation timestamp:

3/18/2014 11:52:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:PAGpvSi9Pg0VVVrtH/oQQZQMvcS3kmf3CB3:PJj94oVVrtHwjZv92B3

Entry address:

0x54DB8

Entry point:

E8, 67, B0, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 78, 1F, 48, 00, E8, C2, 8C, 00, 00, 33, C0, 33, F6, 39, 75, 08, 0F, 95, C0, 3B, C6, 75, 15, E8, 16, 5D, 00, 00, C7, 00, 16, 00, 00, 00, E8, E2, 6D, 00, 00, 83, C8, FF, EB, 5F, E8, C9, B0, 00, 00, 6A, 20, 5B, 03, C3, 50, 6A, 01, E8, D4, B1, 00, 00, 59, 59, 89, 75, FC, E8, B2, B0, 00, 00, 03, C3, 50, E8, 5F, B2, 00, 00, 59, 8B, F8, 8D, 45, 0C, 50, 56, FF, 75, 08, E8, 9A, B0, 00, 00, 03, C3, 50, E8, 4A, B3, 00, 00, 89, 45, E4, E8, 8A, B0, 00, 00, 03, C3, 50... 
[+]

Entropy:

7.3303

Code size:

449 KB (459,776 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MKLOL

Command:

"C:\Program Files\mkjogo\mklol\mk.exe" -auto

Scan MK.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.