qubnfe.exe

qubnfe

Quartzo Desenvolvimento de Software Ltda.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘qubnfe’.
Publisher:
Quartzo Desenvolvimento de Software Ltda.  (signed by Quartzo Desenvolvimento de Software Ltda.)

Product:
qubnfe

Description:
Qubnfe Module

Version:
2.06.0003

MD5:
6cf6873247dfb5bf350eb0c0af8fb975

SHA-1:
8364609cfe35691b3e6ad2862aa4a8e0ed8bf0e3

SHA-256:
42fefbf39768972562aec65e9ec01d13c50b571d4a4acccae8aa187544640d77

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/25/2024 5:27:19 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/SysKeylog.B.gen
v6.4.6.2.117

K7 AntiVirus
Riskware
13.91.4017

Rising Antivirus
Suspicious
23.00.65.16417

SUPERAntiSpyware
Trojan.Dropper/Sys-NV
9195

File size:
768.3 KB (786,760 bytes)

Product version:
2.06.0003

Original file name:
qubnfe.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\qubnfe\qubnfe.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/7/2010 5:26:27 PM

Valid to:
12/7/2011 5:26:27 PM

Subject:
CN=Quartzo Desenvolvimento de Software Ltda., O=Quartzo Desenvolvimento de Software Ltda., L=Itatiba, S=SP, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B60C7D3AD688E

File PE Metadata
Compilation timestamp:
12/10/2010 8:07:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:26ZZ/kV9PGAUikY4cravxspR/5umtuC9Exn34otyYbWH/M9/k6qhHBa4t:pctRXkYZOo/5FtuX3xl6fr6EFt

Entry address:
0x29B310

Entry point:
60, BE, 00, 40, 5E, 00, 8D, BE, 00, D0, E1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
736 KB (753,664 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
qubnfe

Command:
C:\Program Files\qubnfe\qubnfe.exe \auto


Scan qubnfe.exe - Powered by Reason Core Security