home

qmphook.sys

Gintaras Didzgalvis

It runs as a Windows 64-bit kernel mode device driver named “QM process triggers”.
Publisher:
Gintaras Didzgalvis  (signed and verified)

MD5:
71a95aae9116499849bf1cfb231d5a2a

SHA-1:
b6b0e1b749ab1b608b124d3a352a85cc842b77be

SHA-256:
6370a0a9451b656a27857b5be1a3988aa5e1c89cd9b27974b82b7a04b2f54b2b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 9:12:49 AM UTC  (today)

File size:
15.7 KB (16,072 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\quick macros 2\x64\qmphook.sys

Digital Signature
Signed by:
Gintaras Didzgalvis

Authority:
DigiCert Inc

Valid from:
1/28/2013 1:00:00 AM

Valid to:
2/5/2014 1:00:00 PM

Subject:
CN=Gintaras Didzgalvis, O=Gintaras Didzgalvis, L=Rokiskis, S=Rokiskis, C=LT

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E6E11CBC0E77CF9D99FF3E591776037

File PE Metadata
Compilation timestamp:
5/25/2007 9:27:22 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
192:pjSOUubRPcTYhh0myjdZubhtkX4fTAgdFbGwaGZZ3xN5BdxK6CYGWx:nUubRUE0m+Z9mTDdZJaGZZv/K6jGWx

Entry address:
0x1790

Entry point:
48, 83, EC, 78, 48, 89, 9C, 24, 90, 00, 00, 00, 48, 8B, D9, 48, 8D, 15, 6A, 09, 00, 00, 48, 8D, 4C, 24, 48, FF, 15, 7F, 08, 00, 00, 4C, 8D, 5C, 24, 40, 4C, 8D, 44, 24, 48, 4C, 89, 5C, 24, 30, 41, B9, 22, 00, 00, 00, BA, 08, 01, 00, 00, 48, 8B, CB, C6, 44, 24, 28, 00, C7, 44, 24, 20, 00, 00, 00, 00, FF, 15, 9F, 08, 00, 00, 85, C0, 0F, 85, 87, 00, 00, 00, 48, 8D, 15, F8, 08, 00, 00, 48, 8D, 4C, 24, 58, 48, 89, BC, 24, 98, 00, 00, 00, FF, 15, 2D, 08, 00, 00, 48, 8D, 54, 24, 48, 48, 8D, 4C, 24, 58, FF, 15, 65...
 
[+]

Code size:
3.5 KB (3,584 bytes)

Driver
Display name:
QM process triggers

Service name:
qmphook

Type:
Kernel device driver (KernelDriver)

Group:
PlugPlay


Scan qmphook.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.