home

KerishDoctor.exe

Kerish Doctor

OOO AMA

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Kerish Products  (signed by OOO AMA)

Product:
Kerish Doctor

Version:
4.60

MD5:
8e5091a45d3589199e724339b778553a

SHA-1:
ea18e7a6a85b1d5fb2391732af81a34cee67a6bf

SHA-256:
907646f02c1de6404cb4e818f8fafaad89643f4a9a6784a84964f904e27010da

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 1:24:00 AM UTC  (today)

File size:
2.7 MB (2,831,848 bytes)

Product version:
4.60

Copyright:
Kerish Products 2005-2014. All Rights reserved.

Trademarks:
Kerish Products 2005-2014. All Rights reserved.

Original file name:
KerishDoctor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kerish doctor\kerishdoctor.exe

Digital Signature
Signed by:
OOO AMA

Authority:
Thawte, Inc.

Valid from:
8/5/2013 4:00:00 AM

Valid to:
9/5/2014 3:59:59 AM

Subject:
CN=OOO AMA, OU=IT, O=OOO AMA, L=Voronegh, S="Voroneghskaya oblast ", C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1F3C11346254E097A2EA8B7C9A505E85

File PE Metadata
Compilation timestamp:
8/6/2014 8:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:6kSFu3QvkFXHFT1hV3tOlQ9eUGs28toi/TyPsUP09FPTdHjoEPNhLWp:XSF4Qc7T1bdEQZG7y/TyPsUs9fPLWp

Entry address:
0x11E4F2

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 0A, BA, 97, 00, 88, 17, 2C, 34, 45, 74, 00, 6A, 5A, CD, 44, 85, 2F, 8F, 61, FA, 56, 36, 78, 53, 8E, E1, E8, 15, E8, 51, FA, 1F, AB, 1F, A0, EF, 43, 65, 5F, B5, 05, 95, 38, 2F, 26, A4, 53, 6C, 71, D2, A5, E9, 58, F6, 8F, 96, 2B, 8F, 46, 19, C7, E2, B5, 38, 35, 63, A7, 56, AD, 76, 09, BA, 51, D5, 30, 66, CC, FE, CE, 04, 2A, F5, 25, A5, E2, 42, 9D, B8, C6, 04, 9E, 3E, 4F, 1A, 4C, E6, 97, DA, 53, AE, EC, 09, 3B, 3C...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
6.3 MB (6,557,696 bytes)

Scheduled Task
Task name:
Kerish Doctor

Trigger:
Logon (Runs on logon)

Description:
Kerish Doctor Startup


Scan KerishDoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.