kqr3lv_n.exe

VisualBee

Visual Software Systems LTD

The file kqr3lv_n.exe by Visual Software Systems has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Visual Software Systems LTD  (signed and verified)

Product:
VisualBee

Version:
V26.2

MD5:
449e29e75eaae745d7416b93d924d0c7

SHA-1:
297de18956acae046c6ddc03d2b82724de18c3e6

SHA-256:
f04f65182ee1c9e47e9d7514a6acfba36c822103d97bcd8a5b5f4f9e4d80cea3

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/18/2024 10:00:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.2904 |
| Dr.Web | Adware.Downware.1326 | 9.0.1.0339 |
| ESET NOD32 | Win32/DownWare | 9.10702 |
| Malwarebytes | MSIL.Solimba | v2015.12.05.09 |
| NANO AntiVirus | Trojan.Win32.Generic.dbfyqg | 0.28.6.62995 |
| Reason Heuristics | Win32.Generic.VisualSoftwareSystems.Installer.Meta | 15.12.5.21 |
| Trend Micro House Call | Suspicious_GEN.F47V1103 | 7.2.339 |

File size:
458.7 KB (469,688 bytes)

Product version:
V26.2

Copyright:
VisualBee.com

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\kqr3lv_n.exe.part

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/18/2013 2:00:00 AM

Valid to:
10/18/2015 1:59:59 AM

Subject:
CN=Visual Software Systems LTD, O=Visual Software Systems LTD, L=Tel Aviv - Yafo, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4151E7647C88F6CE43FD79FAAA1350F0

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:rs3g+879qN8N60WYY0bWKW2pfoiseerebezrNdezvyUVq4fxMatfzA3q7VFQa+k7:4gT7A8oLYRSKxfos6s+UVqo9Beq7VjL7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
