home

qks.exe

The application qks.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.210 and multiple other hosts.
MD5:
c64c0376dd37840b2b2d82aba525636c

SHA-1:
f986e82abc06458ab6896dada89287ef060ac7a7

SHA-256:
3d8990f93aed60c5ff4f462dcd93c25af9c05632fd813b634eb2e64c955cc7ed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/8/2025 4:42:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Qksee.Meta (M)
16.7.14.6

File size:
2.1 MB (2,202,829 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\qks.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:h0HD1LhfjRjT5HLvFR4tEaV9T8XD6zFaDwjShsI+9sp9:oD1VfjRnpvAtbT8XkcUjShs8p9

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, D7, D4, DF, 46, D2, C6, 7B, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, A6, BE, 9F, 4B, BB, D6, 44, BA, 59, 07, 00, 40, 56, 58, E2, A0, CD, 25, 3D, F5, 33, 2A, C3, 31, 1F, 81, 80, 0B, 3B, 2F, 6C, FD, 15, D5, 04, 1C, 88, B9, E4, 5F, 07, AA, FC, E2, BF, 7B, 37, 95, 73, 15, 8A, 6D, 28, 51, 34, 8C, FC, 63, F8, C3, 25, 4A, 69, 3B, BE, 3C, 6C, 8F, 58, E0, 8D, E0, 49, 87, 61, 73, B8, 0B, 66, 5B, 30, 66, 6B, ED, 29, 04, 6C, 1D, 3D, 56, E1, 25, 0C, A7, 04, 22, 38, D4, C5, 25...
 
[+]

Entropy:
7.9999  (probably packed)

The file qks.exe has been seen being distributed by the following 4 URLs.

http://113.171.224.210/.../qks.exe

http://113.171.224.245/.../qks.exe

http://113.171.224.166/.../qks.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/qks/3.3.37/.../qks.exe

Remove qks.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.