qdcwindows.exe

Zekghv

Ktat Cordsp

It is set to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'qdcwindows.exe'.
Scan qdcwindows.exe - Powered by Reason Core Security
Publisher:
Ktat Cordsp

Product:
Zekghv

Description:
Zekghv Gdlhp

Version:
3.7.8487.30659

MD5:
768df7814a83824c8947bfe8e2028892

SHA-1:
aa7f2e523b397df92f554f0b2845781889c4c82f

SHA-256:
f03b5d19b8bd2aaedb99b3c1d5500eb2b3ddc8971b273ee865e7a7bf60962eff

Scanner detections:
8 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/11/2016 11:01:10 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Trojan.Heur.Hype.gu2@aiTecSii      969
Bitdefender              Gen:Trojan.Heur.Hype.gu2@aiTecSii      1.0.20.805
Bkav FE                  HW32.CDB                               1.3.0.4959
ByteHero BDV             Trojan.Malware.Obscu.Gen.002           6.10.2014.10
Emsisoft Anti-Malware    Gen:Trojan.Heur.Hype.gu2@aiTecSii      8.14.06.10.05
F-Secure                 Gen:Trojan.Heur.Hype.gu2@aiTecSii      11.2014-10-06_3
G Data                   Gen:Trojan.Heur.Hype.gu2@aiTecSii      14.6.24
MicroWorld eScan         Gen:Trojan.Heur.Hype.gu2@aiTecSii      15.0.0.483

File size:
96 KB (98,304 bytes)

Product version:
3.7.8487.30659

Copyright:
Copyright © Ktat Cordsp

Original file name:
Zekghv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\qdcwindows.exe

File PE Metadata
Compilation timestamp:
2/11/2014 1:20:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:duVMLdnN6lhduhKZGtwxufrXBWtyvftgF6TI/Y5jtIKQEEYTW0/NYwAMsv4G/NYm:ySjE8ftwcDXBWtyvftgA5jtIKQyKMi46

Entry address:
0x2CE1

Entry point:
55, 8B, EC, 83, EC, 18, 53, 56, 57, 33, FF, E8, 19, FE, FF, FF, EB, 24, 5A, 8B, CA, A1, 98, 58, 40, 00, 2B, C8, 89, 0D, 64, 59, 40, 00, FF, 35, 64, 59, 40, 00, 89, 15, F0, 59, 40, 00, FF, 15, F0, 59, 40, 00, EB, 0B, 83, 3D, E4, 59, 40, 00, 01, 74, 02, EB, 09, 33, C0, 5F, 5E, 5B, 8B, E5, 5D, C3, 68, 0C, 38, 41, 00, 8B, FD, 03, 3D, C0, 59, 40, 00, 8D, 55, FC, 89, 3A, 8B, 55, FC, 52, 8B, 5D, DC, 53, 8B, 5D, E0, 89, 1D, B0, 52, 40, 00, FF, 35, B0, 52, 40, 00, 8B, 55, E4, 52, 68, 2C, 51, 40, 00, 68, A0, 59, 40...

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
qdcwindows.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\qdcwindows.exe
