KSafeTray.exe

Kingsoft PC Doctor

Kingsoft Security Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘KSafeTray’.
Publisher:
Kingsoft Corporation  (signed by Kingsoft Security Co.,Ltd)

Product:
Kingsoft PC Doctor

Description:
PC Doctor Flow Monitor

Version:
3.7.0.30

MD5:
068cc4888f391e4552e4e4a06397f686

SHA-1:
eb3080ed51f2b6144c1b7f1277da92cd395c7af4

SHA-256:
682defd6533c7da81a8a28083d80129f14628735d162933a45560af2fb107b62

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:02:27 AM UTC  (today)

File size:
721.4 KB (738,720 bytes)

Product version:
3.7.0.30

Copyright:
Copyright (C) 1998-2012 Kingsoft Corporation

Original file name:
KSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kingsoft\pcdoctor\ksafetray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/9/2010 1:00:00 AM

Valid to:
3/9/2013 12:59:59 AM

Subject:
CN="Kingsoft Security Co.,Ltd", OU=Kingsoft Duba, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Kingsoft Security Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11B3AF5DB11EC91D1CF0B3E1B80C85E4

File PE Metadata
Compilation timestamp:
4/5/2012 6:36:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:cXmZcA0HOFE0m3sVt8/BJQIclvAS4NK4si6tHSrFthZzQrJxAvDT6BE2UQl:cX6cA0uF/m3q2uPLi6FWFthZaxAv/6GW

Entry address:
0x7023C

Entry point:
E8, B3, 03, 00, 00, E9, 36, FD, FF, FF, CC, CC, 68, A1, 02, 47, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 60, 4A, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, 80, FE, 46, 00, 68, 20, 60, 4A, 00, E8...
 
[+]

Code size:
504 KB (516,096 bytes)

2 Scheduled Tasks
Task name:
KsafeDelay

Trigger:
Logon (Runs on logon)

Task name:
KsafeDelay

Trigger:
Logon (Runs on logon)

Action:
ksafetray.exe -delayruncheck


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KSafeTray

Command:
"C:\Program Files\kingsoft\pcdoctor\ksafetray.exe" -autorun


Scan KSafeTray.exe - Powered by Reason Core Security