home

KerishDoctor.exe

Kerish Doctor 2012

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor 2012

Version:
4.45

MD5:
24e4e2e32f5eb46c9d1db5b991f3ba25

SHA-1:
6a6d07bf63b634268d9b3e7f5c9af1c23a13443d

SHA-256:
12729fac7c74fd46a0578f848b135a23c7435a34f30028eb6af5087827b61742

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:30:46 AM UTC  (today)

File size:
2.1 MB (2,217,032 bytes)

Product version:
4.45

Copyright:
Kerish Products 2005-2012. All Rights reserved.

Trademarks:
Kerish Products 2005-2012. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\kerish doctor 2012\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
7/30/2012 8:00:00 PM

Valid to:
7/31/2013 7:59:59 PM

Subject:
CN=OOO AMA, OU=it, O=OOO AMA, L=Voronegh, S=Voroneghskaya oblast, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5FC6B3B8D216CFEF94FEFBDBC8BE144D

File PE Metadata
Compilation timestamp:
10/16/2012 4:33:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:yP0AyTI3Mfa+evI6ZqymObBvTyP2GNEMMjJG/IjrGOemUEEndaU:yP0AN3TTQUbJTyP2GNEMMbemdEdD

Entry address:
0x7AC40

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, D4, 2F, 71, 00, C9, 3F, B8, DB, EB, E5, 6E, ED, F2, B7, B6, DD, F5, F0, B2, 39, C8, EF, 63, 35, 9B, 03, 75, 56, 92, 2F, A1, D3, C2, 98, 68, B9, 57, 88, B2, 0B, 01, 3D, 00, F8, B8, 3E, 22, 52, 31, 77, 20, CA, AC, 98, 1E, 2B, 55, C5, 1D, 2B, F2, 55, 37, 4D, 44, 69, 23, 1B, CD, 2C, C9, C3, DE, 87, 69, CF, 02, E0, 50, EA, DB, 4E, B3, C6, 81, 68, 47, 26, E5, 94, 48, B9, BD, 3C, 71, 2B, FF, 21, D3, 23, 31, 20, 94, 97...
 
[+]

Entropy:
7.8934

Developed / compiled with:
Microsoft Visual C++

Code size:
3.3 MB (3,452,928 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.