qrsvc.exe

Quick Ref Client Service

QUICKREF

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application qrsvc.exe by QUICKREF has been detected as adware by 20 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Quick Ref 1.10.0.12 Client Service”.
Publisher:
Quick Ref  (signed by QUICKREF)

Product:
Quick Ref Client Service

Version:
1.10.0.12

MD5:
80535035cdd0e00819f715964a51c1dd

SHA-1:
cedcbdc71dc5a05037c1330c904aa9aad4d949f1

SHA-256:
e63a6725888bcbcc640ad34fd36c60548ec93af0538c2481207c398dcad7beec

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/25/2024 1:13:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.J
676

Avira AntiVirus
ADWARE/Adware.Gen7
3.6.1.96

avast!
Win32:GenMaliciousA-EHE [Adw]
2014.9-150331

AVG
Generic6
2016.0.3154

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.15331

Bitdefender
Adware.Vitruvian.J
1.0.20.450

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Plugin.924
9.0.1.090

Emsisoft Anti-Malware
Adware.Vitruvian
8.15.03.31.04

ESET NOD32
Win32/Adware.Vitruvian (variant)
9.11401

F-Secure
Adware.Vitruvian.J
11.2015-31-03_3

G Data
Adware.Vitruvian
15.3.25

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.9.0

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.2264

Malwarebytes
PUP.Optional.QuickRef.A
v2015.03.31.04

MicroWorld eScan
Adware.Vitruvian.J
16.0.0.270

NANO AntiVirus
Riskware.Win32.Plugin.dpfzps
0.30.8.659

nProtect
Adware.Vitruvian.J
15.03.30.01

Reason Heuristics
PUP.Service.InfoAtoms
15.3.31.5

VIPRE Antivirus
InfoAtoms
38912

File size:
272.1 KB (278,592 bytes)

Product version:
1.10.0.12

Copyright:
Copyright (C) 2015

Original file name:
qrsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\quickref_1.10.0.12\service\qrsvc.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/5/2014 6:50:56 AM

Valid to:
9/5/2016 6:50:56 AM

Subject:
E=Support@quickrefapp.com, CN=QUICKREF, O=QUICKREF, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219B2E795F5F7739842A0C0B7E7F9F1A08

File PE Metadata
Compilation timestamp:
3/27/2015 7:44:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:3vTgT+mKiFifJi6vgcjMCLRkpt+DX1bi0f8LEpzfui3spzvXr+u5DTaCTBfSPLWu:3vsa4EZjzoTYRuiSXXaCTBZkDopQdj

Entry address:
0x21245

Entry point:
E8, 28, 65, 00, 00, E9, 7B, FE, FF, FF, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00, 00, 00, 74...
 
[+]

Entropy:
6.3179

Code size:
181 KB (185,344 bytes)

Service
Display name:
Quick Ref 1.10.0.12 Client Service

Service name:
qrsvc_1.10.0.12

Description:
This service enables Quick Ref 1.10.0.12 on HTTP websites

Type:
Win32OwnProcess


Remove qrsvc.exe - Powered by Reason Core Security