qmphook.sys

Gintaras Didzgalvis

qmphook.sys runs as a 64-bit Windows kernel-mode device driver named “QM process triggers”. It is installed with Quick Macros 2.
Publisher:
Gintaras Didzgalvis (signed and verified)

MD5:
60dee52001eab418be9f85f89387eee4

SHA-1:
9576912c09465ecd4709c59f938e776d16a9b355

SHA-256:
bb04924d313d0fd77a89c3c8247c73e72621607d941d72c23f5763b9e48d2f27

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/4/2024 1:10:18 PM UTC

File size:
13.2 KB (13,512 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\quick macros 2\qmphook.sys

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/27/2013 7:00:00 PM

Valid to:
2/5/2014 7:00:00 AM

Subject:
CN=Gintaras Didzgalvis, O=Gintaras Didzgalvis, L=Rokiskis, S=Rokiskis, C=LT

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E6E11CBC0E77CF9D99FF3E591776037

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
192:G2elr8u+VLw6nkdZubhtkX4fTAgdFbGwaGZZ3xN5BdxK6CYGJR9vgE:GYNeZ9mTDdZJaGZZv/K6jGJRNgE

Entry point:
83, EC, 14, 56, 57, 8B, 3D, 18, 20, 01, 00, 68, CC, 20, 01, 00, 8D, 44, 24, 10, 50, FF, D7, 8B, 74, 24, 20, 8D, 4C, 24, 08, 51, 6A, 00, 6A, 00, 6A, 22, 8D, 54, 24, 1C, 52, 68, FC, 00, 00, 00, 56, FF, 15, 44, 20, 01, 00, 85, C0, 75, 63, 68, A4, 20, 01, 00, 8D, 44, 24, 18, 50, FF, D7, 8D, 4C, 24, 0C, 51, 8D, 54, 24, 18, 52, FF, 15, 40, 20, 01, 00, 8B, F8, 85, FF, 74, 15, 8B, 44, 24, 08, 50, FF, 15, 28, 20, 01, 00, 8B, C7, 5F, 5E, 83, C4, 14, C2, 08, 00, 8B, 4C, 24, 08, 89, 0D, 00, 30, 01, 00, C6, 05, 08, 30...

Entropy:
6.6218

Driver
Display name:
QM process triggers

Service name:
qmphook

Type:
Kernel device driver (KernelDriver)

Group:
PlugPlay


The file qmphook.sys has been discovered within the following programs.

Quick Macros 2 by Gintaras Didzgalvis
Publisher's description - “Quick Macros is a universal and extensible automation program. Use it to make your work more convenient and productive.”
www.quickmacros.com
6% remove it
 
Powered by Should I Remove It?
