home

op_mon.exe

Quick Heal Firewall Pro

Agnitum Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Quick Heal Monitor’.
Publisher:
Quick Heal Technologies (P) Ltd.  (signed by Agnitum Ltd.)

Product:
Quick Heal Firewall Pro

Description:
Quick Heal User Interface

Version:
3.0.2986.10614

MD5:
427f9c333b7b6a7f1a2b043e11f6d7dc

SHA-1:
43f414105b861c6441454ad0e9aae2c50874d7d3

SHA-256:
d6e9c29143d20f4c8b8389166f5a5b9c466c37f502d1abddac117168c8537b30

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 10:30:49 PM UTC  (today)

File size:
2.2 MB (2,315,056 bytes)

Product version:
3.0.2986.10614

Copyright:
Copyright (C) 2009 Quick Heal Technologies (P) Ltd. All rights reserved.

Original file name:
op_mon.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\quick heal\quick heal firewall pro\op_mon.exe

Digital Signature
Signed by:
Agnitum Ltd.

Authority:
VeriSign, Inc.

Valid from:
9/21/2006 5:30:00 AM

Valid to:
12/19/2009 5:29:59 AM

Subject:
CN=Agnitum Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agnitum Ltd., L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4F538F2425657E9505193A68065FEDF6

File PE Metadata
Compilation timestamp:
11/3/2009 5:23:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:qfxeoH7z0SvFJl9ascNkyXMFbPactg8gzxDv41A3XJMA+w7SBZDJ5AeZ4wcg+Q+q:6koH7z0SvFJl9asakMSBZDJ5AeZ4wcgP

Entry address:
0x13866B

Entry point:
E8, DE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, E0, 56, 55, 00, FF, 25, DC, 56, 55, 00, FF, 25, D8, 56, 55, 00, FF, 25, D4, 56, 55, 00, FF, 25, D0, 56, 55, 00, 8B, 00, 81, 38, 63, 73, 6D, E0, 74, 03, 33, C0, C3, E9, 3E, 06, 00, 00, 6A, 14, 68, 48, DE, 59, 00, E8, DA, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45...
 
[+]

Entropy:
6.2601

Code size:
1.3 MB (1,390,592 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Quick Heal Monitor

Command:
"C:\Program Files1\quickh~1\quickh~2\op_mon.exe" \tray \noservice


Scan op_mon.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.