home

qmee_0.9.19.exe

Qmee Ltd

The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from qmee-apps.s3.amazonaws.com.
Publisher:
Qmee Ltd  (signed and verified)

MD5:
09565cf37c584ac9b73d000339c1178a

SHA-1:
b8f1e7a33c7b000981a5d56a04df5c8240907463

SHA-256:
bab9c287fd89edbc827c8e765cb8b1d59beeba3f9c108d73015785f61af05857

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 11:58:15 PM UTC  (a few moments ago)

File size:
667.6 KB (683,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\qmee_0.9.19.exe

Digital Signature
Signed by:
Qmee Ltd

Authority:
COMODO CA Limited

Valid from:
5/6/2013 7:00:00 PM

Valid to:
5/7/2015 6:59:59 PM

Subject:
CN=Qmee Ltd, O=Qmee Ltd, STREET=Davidson House, STREET=Forbury Square, L=Reading, S=Berkshire, PostalCode=RG1 3EU, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E3D59814EE50F926CE99F98BD57113B

File PE Metadata
Compilation timestamp:
2/19/2012 9:01:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
12288:ZB3YSBNvrKFWFJ8xoyNwegE95Jp5JOfqpfWm+sR8LqdXEkWaoHlwAMhZ1XT:ZBISrTKFWFJioDegLfqpOUCISVOAM/V

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 
[+]

Entropy:
7.9200  (probably packed)

Code size:
33.5 KB (34,304 bytes)

The file qmee_0.9.19.exe has been seen being distributed by the following URL.

https://qmee-apps.s3.amazonaws.com/.../qmee_0.9.19.exe

Scan qmee_0.9.19.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.