» qmserv.exe
Overview
Analysis
File Details
Behaviors (1)

qmserv.exe

Gintaras Didzgalvis

It runs as a separate (within the context of its own process) windows Service named “Quick Macros”.

File name:

qmserv.exe

Publisher:

Gintaras Didzgalvis (signed and verified)

MD5:

fd418662a31811bceab6a9ac2b7bd07a

SHA-1:

a00c6cdf639e6fcec5eef2967f1c532eccbb5345

SHA-256:

36454ca5296e0f7a8ddf886e378bb1d41914c60a8c360bd57ed2724cd907e6db

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 5:29:53 PM UTC (today)

File size:

59.4 KB (60,800 bytes)

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\quick macros 2\qmserv.exe

Digital Signature

Signed by:

Gintaras Didzgalvis

Authority:

DigiCert Inc

Valid from:

2/5/2014 5:30:00 AM

Valid to:

5/3/2017 5:30:00 PM

Subject:

CN=Gintaras Didzgalvis, O=Gintaras Didzgalvis, L=Rokiskis, S=Rokiskis, C=LT

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

020A43DE2CC0262B5F798198E119F708

File PE Metadata

Compilation timestamp:

1/27/2014 2:08:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:FYBHjwhuDMd36OzF4mfCECpITURWGMCB8DRsi984xAdKgX:FYihuOtypIFCiRsi984xAdd

Entry address:

0x29DE

Entry point:

E8, D6, 3B, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B... 
[+]

Entropy:

6.4176

Code size:

33.5 KB (34,304 bytes)

Service

Display name:

Quick Macros

Service name:

quickmacros2

Type:

Win32OwnProcess

Group:

PlugPlay

Scan qmserv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.