home

KerishDoctor.exe

Kerish Doctor 2012

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor 2012

Version:
4.45

MD5:
0e7e4752cec490de1ede4d56169b2c9e

SHA-1:
5d14878068fd3e505948985c397c3f29459c90da

SHA-256:
00c904a74515d47c336246f6dc6b04955bbdac54f8d7a83b8842b9dde7f9fd10

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 1:25:43 AM UTC  (today)

File size:
2.1 MB (2,237,512 bytes)

Product version:
4.45

Copyright:
Kerish Products 2005-2012. All Rights reserved.

Trademarks:
Kerish Products 2005-2012. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kerish doctor 2012\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
7/31/2012 3:00:00 AM

Valid to:
8/1/2013 2:59:59 AM

Subject:
CN=OOO AMA, OU=it, O=OOO AMA, L=Voronegh, S=Voroneghskaya oblast, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5FC6B3B8D216CFEF94FEFBDBC8BE144D

File PE Metadata
Compilation timestamp:
11/2/2012 8:40:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:azKzk5T+QKhShUK2hTyP2GNEMMNaUHljfNiv5YPsY6iv0layqgUI:sASCKmTyP2GNEMMNaCljfNeMQlawUI

Entry address:
0xAD0D4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 00, 71, 70, 00, DF, 79, 59, A1, DD, B1, 87, 8D, 31, 16, 03, 41, 36, D5, D5, 6F, 3E, B8, 4C, 9F, 34, BB, DC, 25, C2, 72, 6E, 3B, 60, 68, 9C, AF, 5E, 54, 72, 7B, 5C, 0F, D9, FA, E1, D2, 81, 55, 8D, 47, AB, 0E, C1, 45, CD, BA, 7C, A2, 1E, D8, 74, C4, EB, F0, 12, 7D, 4F, 59, 09, 88, 09, 8E, 79, F0, 25, 68, 1C, 45, 8E, 85, 06, E2, 6A, E2, 24, 58, 58, 56, 6B, 0C, C0, 12, AE, 91, 0E, BD, 33, 00, 01, E6, C0, 71, 9E, 81...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.4 MB (3,575,808 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.