qmacro6.exe

QMacro.exe

vrBrothers Software

The application qmacro6.exe has been detected as a potentially unwanted program by 6 anti-malware scanners.
Publisher:
vrBrothers Software

Product:
QMacro.exe

Description:
Quick Macro

Version:
6.20.1342

MD5:
5b8129b6c721b10fb84d87f3e4114a00

SHA-1:
032a37ca852a273640bd7c1e0bdfb6e9e1502eff

SHA-256:
eddc6223bd903318df7faee2b6211f9f9a9e6901351293b1e06e3a27020d7654

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:01:34 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.VrBrothers | 4.0.3.14618
ESET NOD32 | Win32/Adware.VrBrothers.AA (variant) | 8.9943
McAfee | Artemis!5B8129B6C721 | 5600.7095
NANO AntiVirus | Virus.Win32.Gen.ccmw | 0.28.0.60253
nProtect | Trojan/W32.Agent.2631680.C | 14.06.13.01
Rising Antivirus | PE:Trojan.Win32.Generic.152D1942!355277122 | 23.00.65.14616

File size:
2.5 MB (2,631,680 bytes)

Product version:
6.20

Copyright:
Copyright (C) 2001 - 2007

Original file name:
QMacro.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

File PE Metadata
Compilation timestamp:
3/26/2009 6:14:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:P8JvPwFPbL7YujfmjTtUmF549PXSWL7+TIoKzR1jgJbGUw8f0ZBblo3:P8JvPwFPbL7YuTmjTtUmF58PXSa+Uodr

Entry address:
0x287000

Entry point:
9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 07, 20, 40, 00, 87, DD, 83, BD, 3D, 29, 40, 00, 01, 0F, 84, 33, 04, 00, 00, 80, BD, 52, 2F, 40, 00, 00, 74, 37, 8D, 85, FB, 2C, 40, 00, 50, FF, 95, D7, 2C, 40, 00, 8D, 8D, 51, 2E, 40, 00, 50, 51, 50, FF, 95, C7, 2C, 40, 00, 89, 85, 61, 2E, 40, 00, 58, 8D, 8D, 0F, 2E, 40, 00, 51, 50, FF, 95, C7, 2C, 40, 00, 89, 85, BB, 2C, 40, 00, 8D, BD, E5, 31, 40, 00, 33, C0, 8A, 85, 37, 29, 40, 00, 3C, 05, 74, 72, 3C, 03, 0F, 84, 9C...
 

Entropy:
6.4346

Packer / compiler:
PEBundle v3.10

Code size:
1.5 MB (1,597,440 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-52-22-37-35.compute-1.amazonaws.com  (52.22.37.35:80)
