home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This is installed with Kerish Doctor 2014.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.60

MD5:
82f83e66133284c8e78d9209db12a7e3

SHA-1:
4a29076dfd988de4d5234c188a9a641b1dbd1a8e

SHA-256:
b30977e3dd408470016a00e2c5a38c9e157b830a1f2587ccf620ba833696f8da

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 3:48:38 PM UTC  (today)

File size:
2.7 MB (2,844,136 bytes)

Product version:
4.60

Copyright:
Kerish Products 2005-2014. All Rights reserved.

Trademarks:
Kerish Products 2005-2014. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\kerish doctor\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
8/4/2013 8:00:00 PM

Valid to:
9/4/2014 7:59:59 PM

Subject:
CN=OOO AMA, OU=IT, O=OOO AMA, L=Voronegh, S="Voroneghskaya oblast ", C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1F3C11346254E097A2EA8B7C9A505E85

File PE Metadata
Compilation timestamp:
8/13/2014 4:53:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:MdkXcIUwhaqW7/0LGU29G40umTyPsUy6W8+asJyuzuczb1QvpiX3u:qhHwgqmMLGU4jmTyPsUyfVJbzuKbGwe

Entry address:
0x14AD68

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, E8, 36, 95, 00, E9, 4C, 51, BB, 20, 63, 8A, 5E, CB, B3, 91, FD, C4, 04, 26, 64, 63, 45, 18, 5F, FB, E1, 8C, 20, 46, 8C, 52, D3, 9A, E9, 63, 61, B1, C0, C7, 59, 81, 8C, C7, A6, 42, C0, 15, BB, 62, 11, 80, 8C, B0, A4, 40, B8, 7F, 11, A4, E7, 3B, B6, 54, F9, 47, C1, D9, 3A, F6, 08, E0, BE, 68, 29, 74, A0, 54, 66, 86, CD, 7E, 39, 8E, 89, A5, 53, 64, EE, E7, 37, 0E, 2A, A5, C5, B2, 22, CD, 84, AA, A3, 2E, 52, 35, 40...
 
[+]

Entropy:
7.7103

Developed / compiled with:
Microsoft Visual C++

Code size:
6.3 MB (6,561,792 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


The file KerishDoctor.exe has been discovered within the following program.

Kerish Doctor 2014  by Kerish Products
www.kerish.org
About 6% of users remove it
 
Powered by Should I Remove It?

Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.