mk.exe

Mp3 Knife

Vicky's Cool Softwares

The application mk.exe, “Mp3 Knife Setup ” has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Vicky's Cool Softwares

Product:
Mp3 Knife

Description:
Mp3 Knife Setup

Version:
3.2

MD5:
6853f12fd099f661a2a25a3d0fc68f3a

SHA-1:
d93976723e2cef49d82c82f298b1b7d807986c27

SHA-256:
a85ffad36029105e39b0e6f00b82d48485ea1835f7aa9fb67bc688324fb3cf01

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:48:38 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Relevant.BA
196

Avira AntiVirus
TR/Agent.adh.363
7.11.215.236

avast!
Win32:Relevant-P [PUP]
2014.9-160722

AVG
RelevantKnowledge
2017.0.2674

Baidu Antivirus
Hacktool.Win32.Monitor
4.0.3.16722

Bitdefender
Adware.Relevant.BA
1.0.20.1020

Dr.Web
Adware.Relevant.67
9.0.1.0204

Emsisoft Anti-Malware
Adware.Relevant.BA
8.16.07.22.05

ESET NOD32
Win32/Adware.MarketScore
10.11300

Fortinet FortiGate
Adware/Relevant
7/22/2016

F-Prot
W32/AdSpy.A
v6.4.7.1.166

F-Secure
Adware.Relevant.BA
11.2016-22-07_6

G Data
Adware.Relevant.BA
16.7.25

K7 AntiVirus
Trojan
13.200.15223

Kaspersky
not-a-virus:Monitor.Win32.RK
14.0.0.-134

McAfee
Artemis!6853F12FD099
5600.6330

MicroWorld eScan
Adware.Relevant.BA
17.0.0.612

NANO AntiVirus
Trojan.Win32.Relevant.xrotp
0.30.0.296

Norman
Suspicious_Gen2.QQNUB
11.20160722

nProtect
Adware.Relevant.BA
15.03.10.01

Sophos
RelevantKnowledge
4.98

Vba32 AntiVirus
Signed-AdWare.Win32.Relevant
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Adware
38312

ViRobot
Adware.AdMoke.2345523[h]
2014.3.20.0

File size:
2.2 MB (2,345,523 bytes)

Product version:
3.2

Copyright:
Copyright (C) 2009 Vicky's Cool Softwares

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\mk.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:L2Z1+gP7na20VfK57z/RucYQBEDrXYhHJsBUeYh0ViLh16TFtjj0blHnSq:CZ1T6VS5H/R/BUXY3sBUe20iLf6TnQxf

Entry address:
0x9B24

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mk.exe has been seen being distributed by the following URL.

Remove mk.exe - Powered by Reason Core Security