KSafeTray.exe

Kingsoft PC Doctor

Kingsoft Security Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘KSafeTray’.
Publisher:
Kingsoft Corporation  (signed by Kingsoft Security Co.,Ltd)

Product:
Kingsoft PC Doctor

Description:
PC Doctor Flow Monitor

Version:
3.6.0.6

MD5:
147ae461d33b35fd893d1e1729f71fd3

SHA-1:
3ca0e2c1a4db72488ecc85df9814e2ddeed2ffb5

SHA-256:
38a07fa5dc23b93c863016e0e1d452135c1d39f759c3b8ad5ce2a4c9b92e8745

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:57:45 AM UTC  (today)

File size:
713.4 KB (730,528 bytes)

Product version:
3.6.0.6

Copyright:
Copyright (C) 1998-2012 Kingsoft Corporation

Original file name:
KSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kingsoft\pcdoctor\ksafetray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/8/2010 7:00:00 PM

Valid to:
3/8/2013 6:59:59 PM

Subject:
CN="Kingsoft Security Co.,Ltd", OU=Kingsoft Duba, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Kingsoft Security Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11B3AF5DB11EC91D1CF0B3E1B80C85E4

File PE Metadata
Compilation timestamp:
3/6/2012 3:33:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:JBh6LCoJ9mYB7qXebhpXV9daknFFWbVh8LreuB36mFyKWImhT2m+Q+FspqstJfGP:JBh6R9mYBuXeLdVFAe6yyKYhT8FoqUJO

Entry address:
0x6DA5A

Entry point:
E8, B5, 03, 00, 00, E9, 36, FD, FF, FF, 68, BD, DA, 46, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 30, 4A, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, A5, D6, 46, 00, 68, 20, 30, 4A, 00, E8, CC, 03...
 
[+]

Entropy:
6.2609

Code size:
496 KB (507,904 bytes)

Scheduled Task
Task name:
KsafeDelay

Trigger:
Logon (Runs on logon)


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KSafeTray

Command:
"C:\Program Files\kingsoft\pcdoctor\ksafetray.exe" -autorun


Scan KSafeTray.exe - Powered by Reason Core Security