qks.exe

The application qks.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.reqxhfmc.com and multiple other hosts.
MD5:
e4db03779306819f7389fd2831ae374c

SHA-1:
cf2e6de0b0b5126077632b884f018091f05657d6

SHA-256:
9f14099385947926a522996244f6851f5d67416a8f1d2af59b75044d4500e667

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:46:15 AM UTC  (today)

Scan engine: Reason Heuristics
Detection: PUP.Elex.Qksee.Meta (M)
Engine version: 16.7.7.9

File size:
2.1 MB (2,161,532 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\qks.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:XO2fwr7Gpa9wjWb3qBH6mXnAIZU4yfTd6igzELTKNWfB:+2m7+2wwaBaInAIZU5bYi1KNWp

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, DF, 73, B2, CA, 6D, A1, 7A, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, 5E, D5, 9D, CA, BB, D6, 44, BA, 59, 07, 00, 40, 56, 58, E2, A0, CC, B5, 25, F5, 33, 1D, 34, E8, BE, 0D, B0, 15, AC, 04, 2E, AC, 06, 04, C9, E9, 78, 68, B1, 79, 50, B6, F0, 91, 02, 0D, C7, B9, 52, B7, 9A, 08, 55, E1, FD, 89, FB, 74, 47, F9, 16, 43, 4D, C9, AC, A6, 36, 7B, 15, B1, 88, F8, 51, FC, 39, 53, 81, 5C, 76, D0, 46, B4, 92, 6D, EC, 5C, 6A, 78, 28, 92, E8, D2, 05, A6, 69, 55, 9A, 59, C1, C9...
 

Entropy:
7.9999  (probably packed)

The file qks.exe has been seen being distributed by the following 6 URLs.

http://www.reqxhfmc.com/Public/softs/lim5/9286/.../qks.exe

http://113.171.224.166/.../qks.exe

http://113.171.224.213/.../qks.exe
