QHSafeTray.exe

360 Total Security

QIHU 360 SOFTWARE CO. LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘QHSafeTray’.

Publisher:
QIHU 360 SOFTWARE CO. LIMITED  (signed and verified)

Product:
360 Total Security

Version:
8,8,0,1001

MD5:
92178ba6c99cb27dae7aa3936d997681

SHA-1:
3f2138293619230306c297ab57fffbb2366acd26

SHA-256:
099f8c1960e57503a6a55e29439e930d248daae2bf1ccc053205f863808636ed

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/3/2024 8:54:14 AM UTC

File size:
1.2 MB (1,231,727 bytes)

Product version:
8,8,0,1001

Copyright:
Copyright (C) 2016

Original file name:
QHSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\360\total security\safemon\qhsafetray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/15/2016 6:00:00 AM

Valid to:
5/3/2019 5:59:59 AM

Subject:
CN=QIHU 360 SOFTWARE CO. LIMITED, OU=Client Security Group, O=QIHU 360 SOFTWARE CO. LIMITED, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54923803403DC08BE24F0D7C8CCC5593

File PE Metadata
Compilation timestamp:
8/8/2016 3:55:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x94323

Entry point:
E9, 1D, 54, F7, FF, E9, 79, FE, FF, FF, E8, 47, 54, 00, 00, 8B, 48, 6C, 3B, 0D, A0, 8B, 4E, 00, 74, 10, 8B, 0D, B8, 8A, 4E, 00, 85, 48, 70, 75, 05, E8, A8, 19, 00, 00, A1, 3C, 83, 4E, 00, C3, 6A, 14, 68, 10, 8C, 4D, 00, E8, CD, 2B, 00, 00, 8B, 45, 08, 85, C0, 75, 1B, 68, E4, 1A, 4C, 00, 8D, 4D, DC, E8, 12, CF, FF, FF, 68, 00, 8C, 4D, 00, 8D, 45, DC, 50, E8, 2A, 2E, 00, 00, 83, 65, FC, 00, 8B, 00, 8B, 40, FC, 8B, 40, 0C, 85, C0, 74, 0D, C7, 45, FC, FE, FF, FF, FF, E8, D4, 2B, 00, 00, C3, 68, C0, 1A, 4C, 00...

Entropy:
6.7466

Packer / compiler:
Xtreme-Protector v1.05

Code size:
764.5 KB (782,848 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
QHSafeTray

Command:
"C:\Program Files\360\total security\safemon\qhsafetray.exe" \start

