qks.exe

The application qks.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.214 and multiple other hosts.
MD5:
4c72365ac2ce63dfcad30e3cc07e0d0e

SHA-1:
979001fe1e683a34397699ad18d40e0eb335c941

SHA-256:
233da23f0034778cb8548e0432adacf8a0a8b420ae3dd65298b0a78d07a1fe68

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:38:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Qksee.Meta (M)
16.7.7.8

File size:
2.1 MB (2,205,619 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\qks.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:FkLJfXxBWUbgWSsVIBVMndU3iaLUSVqC9jlWrrevSiV:FkthAUcEVIwnWj9jErNiV

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, 0A, 28, 41, 8A, 34, FD, 7B, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, DC, 50, 99, 17, BB, D6, 44, BA, 59, 07, 00, 40, 56, 58, E2, A0, CC, B5, 25, F5, 33, 2A, C3, 27, DE, 48, 39, 52, CE, C9, 20, 84, 41, 1A, 85, 32, D3, ED, AC, 82, BB, 29, 36, BD, 94, E0, D5, 07, F6, C9, 82, 4E, 45, 2A, 5E, 43, 7A, 77, BA, 84, B3, D1, D3, 3E, 26, 5E, 67, 75, AE, B0, BA, E4, AA, 74, 99, B3, 85, 23, BD, F1, FA, 62, 31, 2E, 6C, 11, 56, 9F, 8F, 62, 76, 2F, 79, CF, AA, 06, 85, 84, F5, C6...
 
[+]

The file qks.exe has been seen being distributed by the following 9 URLs.

http://113.171.224.214/.../qks.exe

http://www.reqxkgtm.com/Public/softs/lim5/9286/.../qks.exe

http://113.171.224.216/.../qks.exe

http://113.171.224.169/.../qks.exe

http://113.171.224.242/.../qks.exe

Remove qks.exe - Powered by Reason Core Security