home

qkseeSvc.exe

qksee

Yanling Sun

The application qkseeSvc.exe by Yanling Sun has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “qkseeService”. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Qksee Pvt Ltd.  (signed by Yanling Sun)

Product:
qksee

Description:
qksee service

Version:
3.1.0.0

MD5:
b57086a645f9acc4b04fc97324041f3e

SHA-1:
e67af6a7318cd42365146ef2ad39ba8c1149b36c

SHA-256:
2edb9224cdcb740d7dcef4e6575564c199e78193f56885dc7d12c078deb979ce

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/30/2024 10:12:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Qksee.Meta (M)
16.6.27.23

File size:
746.5 KB (764,464 bytes)

Product version:
3.1.0.0

Copyright:
Copyright (c) 2015 Qksee Pvt Ltd. All Rights Reserved.

Original file name:
qkseeSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\qksee\qkseesvc.exe

Digital Signature
Signed by:
Yanling Sun

Authority:
thawte, Inc.

Valid from:
5/19/2016 7:00:00 AM

Valid to:
11/26/2016 6:59:59 AM

Subject:
CN=Yanling Sun, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3D44CC1794B6A4EFDCC679FBB2D75A84

File PE Metadata
Compilation timestamp:
5/18/2016 5:45:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:x10+CpQlYBstTXddMZb/fsRDb+Z4Fvt+vUp4PbEP4X6ojIp0OxZ/Ccvpqct/4pm7:xS+BYPoojIxDMclPNTx/h9

Entry address:
0x59F1C

Entry point:
E8, C8, D3, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 2D, D5, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, FA, 16, 00, 00, 85, C0, 74, 0A, E8, F1, 16, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 55, 8B, EC, 8B, 45, 0C, 8B, 4D, 08, 83, EC, 0C, 85, C0, 74, 02, 89, 08, 85, C9, 75, 14, E8, CC, 16, 00, 00, C7, 00, 16, 00, 00, 00, E8, 7E, 47, 00, 00, 33, C0, C9, C3, 8B, 45, 10, 85, C0, 74, 0A, 83, F8, 02, 7C, E0, 83, F8...
 
[+]

Entropy:
5.9875

Code size:
477.5 KB (488,960 bytes)

Service
Display name:
qkseeService

Type:
Win32OwnProcess

Group:
SchedulerGroup


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-63-121.lhr50.r.cloudfront.net  (52.85.63.121:80)

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com  (50.97.129.8:80)

TCP (HTTP):
Connects to server-52-85-63-199.lhr50.r.cloudfront.net  (52.85.63.199:80)

TCP (HTTP):
Connects to server-52-85-63-79.lhr50.r.cloudfront.net  (52.85.63.79:80)

Remove qkseeSvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.