home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.60

MD5:
ed39f22b67ce989c76c21c3e41308e8c

SHA-1:
c2492998932a26c1a41f576593fdc6019819fa99

SHA-256:
e77ff0f20f3c609d7a017b9c43c9fe6694b88d6a46e6a421e24cd03f6c69918b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 8:05:24 AM UTC  (today)

File size:
2.7 MB (2,852,528 bytes)

Product version:
4.60

Copyright:
Kerish Products 2005-2014. All Rights reserved.

Trademarks:
Kerish Products 2005-2014. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kerish doctor\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
8/27/2014 4:00:00 AM

Valid to:
9/27/2015 3:59:59 AM

Subject:
CN=OOO AMA, OU=IT, O=OOO AMA, L=Voronezh, S=Voronezh region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
10113097A9F7A4FC6296AF8DC613AB0D

File PE Metadata
Compilation timestamp:
8/31/2014 11:20:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:HK3PAXjmd2yHCDhP5L51ZMIDwFNHxs52TyPsU4499KIVJyw7get:HK/Qmd2XP9XBD4Ra2TyPsU449XVJ5

Entry address:
0x4D07F

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 2D, 4E, A6, 00, 55, 09, EA, 58, 13, 88, 71, 2D, BA, E7, 1A, 57, 91, 8C, 3C, 64, 1D, 13, E2, 56, 1E, A2, 88, 56, AB, B8, 4C, BE, DD, D5, 4F, DE, B8, 69, 8A, 34, 17, 6D, 07, 4B, D0, BA, 30, D4, 71, 52, B4, 61, C3, 29, C7, 19, EF, EF, 9D, 5D, 86, 8C, D0, 17, 5C, EA, EE, 04, 74, 47, 11, E1, CF, 0F, 2A, 93, 1F, 99, BB, D3, F3, 00, 6E, 86, 17, 0A, 9A, 33, CD, 31, 29, 4E, C7, 11, D7, CF, D0, DC, 5C, DC, 9B, 70, 34, 74...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
6.3 MB (6,647,808 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.