Reason Labs

kyubey.exe

The application kyubey.exe has been detected as Adware.Elex.Kyubey. It runs as a separate Windows service named “Kyubey”, within the context of its own process.
MD5:
73a741051fa679264c3f0ba9c76cc6f5

SHA-1:
cc9ab9634e9ab64d524297bfb62cf312f1b6b741

SHA-256:
aa1f6c7cb7630d55841579acf804f8fb5c75077b5e8e5b24ca1ac63d2bc66f0a

Detection:
Adware.Elex.Kyubey

Risk:
Medium

Analysis date:
12/15/2018 10:58:49 PM UTC  (today)

File size:
139 KB (142,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\kyubey\kyubey.exe

File PE Metadata
Compilation timestamp:
12/7/2004 1:18:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x27BCE

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, AE, FF, FF, FF, F6, D6, 4B, 66, 4B, E9, D1, 96, FF, FF, 49, 8B, FD, 86, CE, 8D, 44, 24, 28, 89, 74, 24, 4C, 84, C1, 29, E9, 47, 96, 6A, 20, 83, D1, EE, 86, E0, B8, 9B, F5, A4, 19, 8B, 7C, 24, 4C, 6A, 08, 49, FE, CA, 54, 83, F2, 83, FF, D7, FF, 54, 24, 50, 80, E6, 57, FE, 0C, 24, 0F, 85, E5, FF, FF, FF, 58, 6A, 01, E8, A1, 97, FF, FF, 8A, CA, C7, 46, 14, 0C, 00, 00, 00, 80, F1, F2, 8F, 46, 1C, 4A, 81, E9, A4, 88, 03, 59, F7, D7, 8D, 85, 0C, 99, FF...
 

Entropy:
6.7716

Characteristics:
0x259

Code size:
77 KB (78,848 bytes)

Properties
Services:
Kyubey

Integrity level:
16384

Command line:
C:\Users\lenovo666\AppData\Roaming\Kyubey\Kyubey.exe -s

Service
Display name:
Kyubey

Type:
Win32OwnProcess


There are numerous known code variations that share the same compilation structure.

