home

kmp_4.0.1.5.exe

Recode

The application kmp_4.0.1.5.exe by Recode has been detected as adware by 7 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Marvelous Lively Software Installer  (signed by Recode)

Product:
Marvelous Lively Software Installer

Version:
15.7.8.7188

MD5:
e185f042456d78de82822d00a77395db

SHA-1:
d957089447a2301f64d69b083a8d9060c2bdb79b

SHA-256:
83049f4fa217fdab20e4f018ce8140e2b984d51b826b2b30e5cc56d747963096

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
5/19/2024 10:12:38 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Vittalia.802
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.DownloadAdmin
10.0.0.5735

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted application
8.0.319.0

F-Secure
Trojan.GenericKD.2836659
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.215.3133.0

Reason Heuristics
PUP.DownloadAdmin.Recode.Installer (M)
16.3.30.3

VIPRE Antivirus
Threat.4150696
47432

File size:
882.6 KB (903,776 bytes)

Product version:
15.7.8.7188

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\kmp_4.0.1.5.exe

Digital Signature
Signed by:
Recode

Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2015 11:17:38 PM

Valid to:
10/13/2016 11:17:38 PM

Subject:
CN=Recode, O=Recode, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
35D367DFBD312E49

File PE Metadata
Compilation timestamp:
11/19/2014 1:37:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:GsUHxebe7MFAL3XyBCAWdNyLhrbOCBSf1:GHzf3XyoAxrbX4f

Entry address:
0x1F27E0

Entry point:
60, BE, 00, 70, 53, 00, 8D, BE, 00, A0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.3661

Packer / compiler:
UPX 2.90LZMA

Code size:
752 KB (770,048 bytes)

Remove kmp_4.0.1.5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.