home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.60

MD5:
e6fa2bd534fef5d506374730109c3baf

SHA-1:
557bf07585844f213d8ad859b36e7ca3a462a723

SHA-256:
dd049fbb0669710ede2bf6794325308895d119ad618a153aa2a6168f1bb6a9e0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/26/2025 2:36:30 PM UTC  (today)

File size:
2.7 MB (2,835,944 bytes)

Product version:
4.60

Copyright:
Kerish Products 2005-2014. All Rights reserved.

Trademarks:
Kerish Products 2005-2014. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\kerish doctor\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
8/5/2013 2:00:00 AM

Valid to:
9/5/2014 1:59:59 AM

Subject:
CN=OOO AMA, OU=IT, O=OOO AMA, L=Voronegh, S="Voroneghskaya oblast ", C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1F3C11346254E097A2EA8B7C9A505E85

File PE Metadata
Compilation timestamp:
8/20/2014 8:48:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:3VjkksckS/LOXlGQ3lztZXiddb8aa1ifTyPsUJBfunopnzGIJ16FFMG489QX:3kckSi1jVzzybwaaMfTyPsUDf3vj3R

Entry address:
0xCFEE0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 7C, C6, 9C, 00, 86, 61, 25, 96, CE, 13, F5, 4D, 2B, C6, 62, 05, FC, DC, 17, 6F, C3, 7D, B5, BD, C4, D8, 07, 63, 5E, 8F, AA, 13, 60, 10, C0, 3A, A9, FE, E0, 14, E9, D5, 51, 26, D0, 72, E4, A1, 36, 89, 20, AE, 1F, 4C, A2, F0, 07, CA, 1C, 42, C4, 0F, AC, 7B, 0F, 7A, 0F, C5, 9E, 48, DD, 7B, 16, A1, FC, E5, B0, 0C, 12, AA, 02, 82, A0, 27, 53, C4, EA, E5, 98, 56, 78, 5C, 22, 12, 87, 35, A2, BD, 9C, 3A, C9, 84, CF, 53...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
6.3 MB (6,565,888 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.