home

qks.exe

The application qks.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.203 and multiple other hosts.
MD5:
521d89ba18b41d8b029dffc2e60594f0

SHA-1:
218fd887c91a512f132acf19bdb7ffa05a45984b

SHA-256:
50a96d120f1f00262811d887431cf2738c02c19d548ba379bfcae5c411f01f76

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/8/2025 5:14:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Qksee.Meta (M)
16.7.8.7

File size:
2.1 MB (2,172,817 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\qks.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:ndJc/KbUhOyDLZo7URcrfu3ICk6+iJeYgwVr71/E1h+EBUE:dq/LOsVoYkKcS9VsR

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, D9, 16, 6B, B3, 16, 7D, 7B, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, 3C, 17, 64, 53, BB, D6, 44, BA, 59, 07, 00, 40, 56, 58, E2, A0, CD, 25, 3D, F5, 33, 2A, C3, FA, 97, B5, F5, 45, 2B, A0, E4, 52, 8D, 02, 38, E9, 30, 45, DA, 49, D6, 24, C3, F2, 6D, 59, 07, A2, EA, 71, B9, E9, FA, 15, 77, 91, 25, 24, 74, 03, D4, 59, D1, 2A, 62, 97, 55, 7F, 72, 8D, B7, 2F, 81, 83, 5F, DE, F5, B8, EA, 8F, FF, 5A, 09, AA, F2, E7, D1, 97, 98, 3B, 54, 71, 2B, 45, 7A, E1, 06, 35, 99, FD...
 
[+]

Entropy:
7.9999  (probably packed)

The file qks.exe has been seen being distributed by the following 5 URLs.

http://113.171.224.203/.../qks.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/qks/3.3.19/.../qks.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/qks/3.3.27/.../qks.exe

http://43.255.113.227/d26yaxxlnmhaem.cloudfront.net/Public/softs/qks/3.3.31/.../qks.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/qks/3.3.31/.../qks.exe

Remove qks.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.