home

QHSafeTray.exe

360 Total Security

QIHU 360 SOFTWARE CO. LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘QHSafeTray’.
Publisher:
QIHU 360 SOFTWARE CO. LIMITED  (signed and verified)

Product:
360 Total Security

Version:
9,0,0,1010

MD5:
28fd68a95d80be542e3c310f22425113

SHA-1:
e523ccb813744e1d59ffb6db754d1e350dde870d

SHA-256:
81ffd4a4d215509cb1a86cdaf7891fb1bc63a2ff3a54bfa9ee234ea5ef732171

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/3/2024 3:56:42 AM UTC  (today)

File size:
1.9 MB (2,019,183 bytes)

Product version:
9,0,0,1010

Copyright:
Copyright (C) 2017

Original file name:
QHSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\360\total security\safemon\qhsafetray.exe

Digital Signature
Signed by:
QIHU 360 SOFTWARE CO. LIMITED

Authority:
VeriSign, Inc.

Valid from:
2/15/2016 6:00:00 AM

Valid to:
5/3/2019 5:59:59 AM

Subject:
CN=QIHU 360 SOFTWARE CO. LIMITED, OU=Client Security Group, O=QIHU 360 SOFTWARE CO. LIMITED, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54923803403DC08BE24F0D7C8CCC5593

File PE Metadata
Compilation timestamp:
2/8/2017 3:21:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xC2024

Entry point:
E9, B2, 71, 06, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, AC, F9, FF, FF, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2E, AD, FF, FF, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, 92, AB, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, 6C, 79, 00, 00, 59...
 
[+]

Entropy:
6.5580

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.3 MB (1,328,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
QHSafeTray

Command:
"C:\Program Files\360\total security\safemon\qhsafetray.exe" \start


Scan QHSafeTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.