qks.exe

The application qks.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen downloaded from www.reqxhfmc.com and multiple other hosts.
MD5:
c00df5da408709de4b2453da293f2321

SHA-1:
d7888d5cecc923bd34e18ca7b3fdfeddd92cbc02

SHA-256:
868759a702c52fd6eb1a9b7d1ab8ef3f8f040998734aa197c700b200dee96a2c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:42:58 AM UTC

Scan engine: Reason Heuristics
Detection: PUP.Elex.Qksee.Meta (M)
Engine version: 16.7.7.8

File size:
2.1 MB (2,172,563 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\qks.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:pjEzHWABVt2AIdchbldRthIC5Z+UUMRofQkehLMrBlDcCAmUA+v0nw:pIzHBdichblH3ZUaorzDcCAYJnw

Entropy:
7.9999  (probably packed)

The file qks.exe has been seen being distributed by the following 10 URLs.
