qrsvc.exe

Quick Ref Client Service

QUICKREF

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application qrsvc.exe by QUICKREF has been detected as adware by 21 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Quick Ref 1.10.0.13 Client Service”.
Publisher:
Quick Ref  (signed by QUICKREF)

Product:
Quick Ref Client Service

Version:
1.10.0.13

MD5:
d408dcc8953d49f9713d970cf55f58e6

SHA-1:
8588920954bb09293e620ba8c7e811a66409d817

SHA-256:
1acf9d822cdfac45cca9f1f038ab879cd8309d626116df80d40da70d1bc24833

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
12/25/2024 1:17:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.J
655

Avira AntiVirus
ADWARE/Adware.Gen7
3.6.1.96

avast!
Win32:GenMaliciousA-EHE [Adw]
2014.9-150420

AVG
Generic6
2016.0.3133

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.15420

Bitdefender
Adware.Vitruvian.J
1.0.20.550

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Plugin.924
9.0.1.0110

Emsisoft Anti-Malware
Adware.Vitruvian
8.15.04.20.08

ESET NOD32
Win32/Adware.Vitruvian (variant)
9.11419

F-Secure
Adware.Vitruvian.J
11.2015-20-04_2

G Data
Adware.Vitruvian
15.4.25

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.202.15469

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.2161

Malwarebytes
PUP.Optional.QuickRef.A
v2015.04.20.08

MicroWorld eScan
Adware.Vitruvian.J
16.0.0.330

NANO AntiVirus
Riskware.Win32.Plugin.dpfzps
0.30.8.659

nProtect
Adware.Vitruvian.J
15.04.02.01

Reason Heuristics
Threat.InfoAtoms.QUICKREF
15.4.20.16

VIPRE Antivirus
InfoAtoms
39006

File size:
272.1 KB (278,592 bytes)

Product version:
1.10.0.13

Copyright:
Copyright (C) 2015

Original file name:
qrsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\quickref_1.10.0.13\service\qrsvc.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 2:50:56 PM

Valid to:
9/4/2016 2:50:56 PM

Subject:
E=Support@quickrefapp.com, CN=QUICKREF, O=QUICKREF, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219B2E795F5F7739842A0C0B7E7F9F1A08

File PE Metadata
Compilation timestamp:
4/2/2015 4:13:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:pvTgT+mKiFifJi6vgcjMCLRkpt+DX1bi0f8LEpzfui3spzvvr+u5tTaCTBfVPLWe:pvsa4EZjzoTYRuiSPVaCTB8kKopQds

Entry address:
0x21245

Entry point:
E8, 28, 65, 00, 00, E9, 7B, FE, FF, FF, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00, 00, 00, 74...
 
[+]

Entropy:
6.3178

Code size:
181 KB (185,344 bytes)

Service
Display name:
Quick Ref 1.10.0.13 Client Service

Service name:
qrsvc_1.10.0.13

Description:
This service enables Quick Ref 1.10.0.13 on HTTP websites

Type:
Win32OwnProcess


Remove qrsvc.exe - Powered by Reason Core Security