qknfd.sys

Quiknowledge Driver x86

QUIKNOWLEDGE

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file qknfd.sys by QUIKNOWLEDGE has been detected as adware by 2 anti-malware scanners. It runs as a Windows kernel-mode device driver named “qknfd”.
Publisher:
QUIKNOWLEDGE  (signed and verified)

Product:
Quiknowledge Driver x86

Version:
1.9.0.3

MD5:
cdf06da2df242d9f0773184a7aa04354

SHA-1:
c8e569c4366c9dc9289385b1fb391bd28cb02816

SHA-256:
89ffe6290aaa3147261317b360e0340543c849c6981758ef1271a49400c74a19

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/25/2024 12:32:55 AM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.Quiknowledge.A | v2014.05.10.04
Reason Heuristics | PUP.QUIKNOWLEDGE.I | 14.5.10.4

File size:
51.5 KB (52,752 bytes)

Product version:
1.9.0.3

Copyright:
Copyright (C) 2014

Original file name:
qknfd.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\qknfd.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/9/2013 5:08:06 AM

Valid to:
8/10/2014 5:08:06 AM

Subject:
E=support@quiknowledge.com, CN=QUIKNOWLEDGE, OU=QUIKNOWLEDGE, O=QUIKNOWLEDGE, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DF7C70666AA82F10CCD4461A39593E7F

File PE Metadata
Compilation timestamp:
8/21/2012 3:34:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:VK47urAd7AVbTXO2vZd1VjXjurCIDaCCepa+ez8oc3fbO4C5Et02OHM:447ue7ITew1JXCrdDqe43cPar+tH

Entry address:
0xA085

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 8C, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 08, 8B, 01, 00, B8, 00, 8C, 01, 00, C1, E8, 08, 33, 02, A3, 00, 8C, 01, 00, 75, 07, 8B, C1, A3, 00, 8C, 01, 00, F7, D0, A3, 04, 8C, 01, 00, 5D, E9, 51, E7, FF, FF, CC, 2C, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, A4, 00, 00, 94, 8A, 00, 00, 18, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, A4, 00, 00, 80, 8A, 00, 00, 24, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FA, A4, 00, 00, 8C, 8A, 00, 00, 00...

Entropy:
6.2938

Code size:
34.8 KB (35,584 bytes)

Driver
Display name:
qknfd

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

