xmkysecqun64.exe

The application xmkysecqun64.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It runs as a Windows service named “xmkysecqun64” in its own, separate process.
MD5:
1be089f9429924f29cf0b37f75af2ea4

SHA-1:
3c889e543307748d2d9e234a2672d258cdaef68c

SHA-256:
8f3124afe8700cb85d89177d045c4425d974d6361f8b2765f1540fc68913fe62

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
4/19/2024 5:22:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Adpeak.M | 942 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | TR/Drop.Softomat.AN | 7.11.143.116 |
| avast! | Win64:Adware-gen [Adw] | 2014.9-140707 |
| AVG | Adware Generic5 | 2015.0.3420 |
| Baidu Antivirus | Adware.Win32.Downloader | 4.0.3.1477 |
| Bitdefender | Adware.Adpeak.M | 1.0.20.940 |
| Comodo Security | ApplicUnwnt | 18490 |
| Emsisoft Anti-Malware | Adware.Adpeak.M | 8.14.07.07.11 |
| ESET NOD32 | Win64/Adware.Adpeak.C application | 8.7.0.302.0 |
| F-Secure | Adware.Adpeak.M | 11.2014-07-07_2 |
| G Data | Adware.Adpeak | 14.7.24 |
| IKARUS anti.virus | AdWare.Adpeak | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.1712348 |
| Kaspersky | not-a-virus:AdWare.Win64.Agent | 14.0.0.3595 |
| Malwarebytes | Adware.Adpeak | v2014.07.07.11 |
| MicroWorld eScan | Adware.Adpeak.M | 15.0.0.564 |
| nProtect | Adware.Adpeak.M | 14.06.09.01 |
| Panda Antivirus | Trj/CI.A | 14.07.07.11 |
| Quick Heal | AdWare.Win64.r5 (Not a Virus) | 7.14.14.00 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10657 |
| Trend Micro House Call | ADW_ADPEAK | 7.2.188 |
| Trend Micro | ADW_ADPEAK | 10.465.07 |
| Vba32 AntiVirus | AdWare.Win64.Agent | 3.12.26.0 |
| VIPRE Antivirus | Threat.4832636 | 30086 |

File size:
690 KB (706,560 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\003\xmkysecqun64.exe

File PE Metadata
Compilation timestamp:
3/22/2014 10:09:42 PM

OS version:
5.1

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:6k/DGNZUVJvyc/W8EJulm9G0E4SDonm7Xu8W:RDG0Jvy+Fs9wfhW

Entry address:
0x600E4

Entry point:
48, 83, EC, 28, E8, 17, 0F, 01, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 63, D9, 48, 8D, 3D, 54, 33, 04, 00, 48, 03, DB, 48, 83, 3C, DF, 00, 75, 11, E8, A9, 00, 00, 00, 85, C0, 75, 08, 8D, 48, 11, E8, 51, 86, FF, FF, 48, 8B, 0C, DF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, 48, FF, 25, BC, E3, 01, 00, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, BF, 24, 00, 00, 00, 48, 8D, 1D, 04, 33, 04, 00, 8B, EF, 48, 8B, 33, 48, 85, F6...
 

Code size:
499.5 KB (511,488 bytes)

Service
Display name:
xmkysecqun64

Type:
Win32OwnProcess

