home

qkdup.exe

Yanling Sun

The application qkdup.exe by Yanling Sun has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Yanling Sun  (signed and verified)

Version:
4.0.0.0

MD5:
02e58134903d0a62b182c4da2c0796d7

SHA-1:
e9cb64ff7b46653afc31da09b8211cffb12969b1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/30/2024 9:41:20 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
16.7.27.21

File size:
451 KB (461,782 bytes)

Product version:
4.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\qksee\qkdup.exe

Digital Signature
Signed by:
Yanling Sun

Authority:
thawte, Inc.

Valid from:
7/26/2016 7:00:00 AM

Valid to:
11/26/2016 6:59:59 AM

Subject:
CN=Yanling Sun, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
00E6CA70373BA4733E7AC647B1E706CB

File PE Metadata
Compilation timestamp:
7/26/2016 3:33:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:sQwxz4oBiBfHR8n/cMa1BO9BjADAuvNHxsphi8PtHCqc5p3PG4IURC6p:T0BiHs/la1BO9wAMNHWz97c5p/ZRP

Entry address:
0x4C000

Entry point:
90, 90, B9, 63, 36, D4, 03, 90, 90, 68, 1C, C0, 44, 00, 5E, BA, 98, 05, 00, 00, 90, 90, 31, 0C, 32, 90, 4A, 83, EA, 03, 75, F6, 8B, 4B, D5, 03, 63, 36, D4, 03, 63, 36, 94, 03, 18, 93, D5, 03, 53, 62, D0, 03, B5, 6D, D0, 03, 63, 86, D6, 03, 62, 36, D4, 03, 53, 26, 97, 03, B1, 13, 90, 03, BD, 13, 90, 03, F3, 3E, D0, 03, B3, 13, D0, 03, BF, 13, D0, 03, 53, C0, D6, 03, B3, 13, D0, 03, BF, 13, D0, 03, 63, 36, D4, 03, 63, 36, D4, 03, 63, 36, D4, 03, 63, 36, D4, 03, 63, 36, D4, 03, 63, 36, D4, 03, 63, 36, D4, 03...
 
[+]

Entropy:
7.1289

Code size:
188.5 KB (193,024 bytes)

Remove qkdup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.