home

qplusphoneseller.exe

QPostPro

Giosis LLC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Qpost_Pro’.
Publisher:
Giosis  (signed by Giosis LLC)

Product:
QPostPro

Version:
2,11,15,311

MD5:
560754d0716d7e3ef683daad70142a47

SHA-1:
6352ada12175d52bf5e381114ddd79614d0ceb49

SHA-256:
b2e06d5fc902761321887dea7c767da3167de1409472f3677c8032a6c2cf1cc1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/25/2025 11:40:11 PM UTC  (a few moments ago)

File size:
9.2 MB (9,685,960 bytes)

Product version:
2,11,15,311

Copyright:
Copyright ⓒ2013 Giosis Group. All Rights Reserved.

Original file name:
QPostPro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\qpostpro\qplusphoneseller.exe

Digital Signature
Signed by:
Giosis LLC

Authority:
Symantec Corporation

Valid from:
1/18/2016 6:00:00 AM

Valid to:
11/5/2016 5:59:59 AM

Subject:
CN=Giosis LLC, O=Giosis LLC, L=Gangnam-Gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5AAE53BEDC3E95DDE171034A7BAD3C7D

File PE Metadata
Compilation timestamp:
3/25/2016 10:55:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:sUhgNa3OrOpoHdK9gNpAMEFrEzKsUHEx8lTg9Pfch6HUoqLLz6QcmV6w3:XiNa3OrOpodKamTg9PfouZkyjw3

Entry address:
0x39D69B

Entry point:
E9, 20, 98, 67, 00, E9, 0B, 66, 65, 00, E9, D6, 2C, 6F, 00, E9, 61, DF, 4A, 00, E9, DC, BE, 2F, 00, E9, B7, FA, 24, 00, E9, F2, FE, 65, 00, E9, 0D, 4B, 21, 00, E9, 78, 5F, 19, 00, E9, 81, BE, 6F, 00, E9, 4E, 1B, 29, 00, E9, 79, 1C, 06, 00, E9, 24, FD, 61, 00, E9, CF, 46, 52, 00, E9, 0A, 1B, 39, 00, E9, 6B, EB, 6E, 00, E9, 20, 59, 5F, 00, E9, 9B, 2A, 69, 00, E9, 86, A5, 16, 00, E9, E1, 50, 59, 00, E9, 7C, 3D, 4C, 00, E9, FF, BE, 6F, 00, E9, 72, 76, 68, 00, E9, 6D, F7, 5D, 00, E9, 38, 5B, 5B, 00, E9, 73, CC...
 
[+]

Entropy:
5.7508

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
7.5 MB (7,812,096 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Qpost_Pro

Command:
C:\Program Files\qpostpro\qplusphoneseller.exe


Scan qplusphoneseller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.