KSafeTray.exe

Kingsoft PC Doctor

Kingsoft Security Co.,Ltd

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key under HKLM) with the name 'KSafeTray'.

Publisher:
Kingsoft Corporation (signed by Kingsoft Security Co.,Ltd)

Product:
Kingsoft PC Doctor

Description:
PC Doctor Flow Monitor

Version:
3.3.1.9

MD5:
1114b0af1068f78f2d14c3672e9e0890

SHA-1:
2e6178deb0954334bbc7ef8d33ede811de91f996

SHA-256:
f68204063d1dacebfb6ce16e7bbc44d8a9f8308a69d0c96b3c4f7a462802e0a6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:54:14 AM UTC

File size:
1.2 MB (1,308,064 bytes)

Product version:
3.3.1.9

Copyright:
Copyright (C) 1998-2012 Kingsoft Corporation

Original file name:
KSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kingsoft\pcdoctor\ksafetray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/9/2010 5:30:00 AM

Valid to:
3/9/2013 5:29:59 AM

Subject:
CN="Kingsoft Security Co.,Ltd", OU=Kingsoft Duba, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Kingsoft Security Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11B3AF5DB11EC91D1CF0B3E1B80C85E4

File PE Metadata
Compilation timestamp:
4/11/2012 9:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:B+bFV8vU5Mw9rhoCzcaC3rylDV8vag4xujQUVLPlYXd7ujJzMQAF1T:gb8vU5JhsDrYiSg7QUVLGhuFzMQAF1T

Entry address:
0xD8A75

Entry point:
E8, BA, 03, 00, 00, E9, 36, FD, FF, FF, CC, 68, D9, 8A, 4D, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 28, D0, 52, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, 01, 86, 4D, 00, 68, 28, D0, 52, 00, E8, D0...

Entropy:
6.3354

Code size:
956 KB (978,944 bytes)

2 Scheduled Tasks
Task name:
KsafeDelay

Trigger:
Logon (Runs on logon)

Task name:
KsafeDelay

Trigger:
Logon (Runs on logon)

Action:
ksafetray.exe -delayruncheck


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KSafeTray

Command:
"C:\Program Files\kingsoft\pcdoctor\ksafetray.exe" -autorun

