home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is installed with the program Kerish Doctor 2015.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.60

MD5:
a7b82e400e6078bf0280e42d955871c1

SHA-1:
d9d52577f9cbcff23d746a56bfb460e9b4e7933a

SHA-256:
606c75de3697cbba210915bcc6ead3ee977db676ce5410a38f8082c8cceb03f5

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
2/26/2025 9:58:09 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Detection.Undefined
7.0.302.0

File size:
3.7 MB (3,831,472 bytes)

Product version:
4.60

Copyright:
Kerish Products 2005-2015. All rights reserved.

Trademarks:
Kerish Products 2005-2015. All rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\kerish products\kerish doctor\update\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
8/26/2014 8:00:00 PM

Valid to:
9/26/2015 7:59:59 PM

Subject:
CN=OOO AMA, OU=IT, O=OOO AMA, L=Voronezh, S=Voronezh region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
10113097A9F7A4FC6296AF8DC613AB0D

File PE Metadata
Compilation timestamp:
9/5/2015 1:42:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:GUgxFpCwG64AETyPsU0UCIEr59+ue2LX8k:lgxfCZTTnrUCIEr50+

Entry address:
0x348A2

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 8E, FB, F6, 00, 5A, 44, DA, A6, 78, 84, BB, 60, B7, 01, 13, A8, 2C, F8, C8, B9, 3A, 67, A1, 45, 22, AD, 26, 8B, 6D, 01, 1B, D1, D4, 7D, 7C, 0A, 38, 73, 50, 31, FC, 8B, 1E, A2, 78, D2, C0, 1C, 1D, 3A, 38, 22, 4C, C0, A4, E3, 75, 0B, 9D, 14, 2F, 49, 20, AD, 0E, 24, 06, 96, 32, 6F, 2E, 15, 9B, E6, F1, 30, 4B, 5B, 32, 9E, C0, 2B, E0, 1B, F3, 8E, B8, 84, 47, 7B, BD, FD, 8B, 9E, E9, C9, DD, D4, 36, B2, 08, 31, 24, 0C...
 
[+]

Entropy:
7.8048

Developed / compiled with:
Microsoft Visual C++

Code size:
6.5 MB (6,840,320 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


The file KerishDoctor.exe has been discovered within the following program.

Kerish Doctor 2015  by Kerish Products
www.kerish.org
About 3% of users remove it
 
Powered by Should I Remove It?

Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.