home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.65

MD5:
603db0775ff11c10ae4504597b3ed4dc

SHA-1:
64031723364d655af847459e8992f49b914b64d2

SHA-256:
870bf371f57f47a7d747cdb5009c90abfbbc011050e0e7cc404d29f987fcd7f4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/26/2025 2:16:43 PM UTC  (today)

File size:
3.9 MB (4,077,216 bytes)

Product version:
4.65

Copyright:
Kerish Products 2005-2017. All rights reserved.

Trademarks:
Kerish Products 2005-2017. All rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\kerish products\kerish doctor\update\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
thawte, Inc.

Valid from:
9/7/2015 3:00:00 AM

Valid to:
10/8/2017 2:59:59 AM

Subject:
CN=OOO AMA, OU=OOO AMA, O=OOO AMA, L=Voronezh, S=Voronezh region, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1D0F76AAF04C714C925B79F338122EE7

File PE Metadata
Compilation timestamp:
1/30/2017 5:00:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x20B0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 38, 1D, 0A, 01, 4D, 9C, C5, 77, 36, 81, EC, 0D, 50, FA, CB, 2A, BE, 11, CF, 8F, 74, C2, 51, 93, A3, BA, 20, 98, 5F, EE, 3C, 12, 81, F4, 07, 7F, 4F, 2B, 33, 61, 4D, 4B, 31, 61, 9B, D6, 70, 8A, E4, F3, 20, 4D, C4, 5A, 0A, 19, 91, 08, 93, 49, 36, 51, DE, C4, 33, CB, 85, 89, D5, 33, 61, DC, C0, B0, 43, 85, E9, 86, CB, 92, 78, BC, CE, 9A, 13, 3C, 15, B2, 0D, D5, 66, F9, 70, B5, 39, 78, 42, F3, 3A, B9, 91, 36, B0, 43...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 MB (7,823,360 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.