» qubnfe.exe
Overview
Analysis
File Details
Behaviors (1)

qubnfe.exe

qubnfe

Quartzo Desenvolvimento de Software Ltda.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘qubnfe’.

File name:

qubnfe.exe

Publisher:

Quartzo Desenvolvimento de Software Ltda. (signed by Quartzo Desenvolvimento de Software Ltda.)

Product:

qubnfe

Version:

3.07.0003

MD5:

a775802481fb090a4087f818ccd0691a

SHA-1:

16f8269d6c892e61eaf632d127c1882e2f8e5544

SHA-256:

7d504b171b1b0cccb7fd82fc1d71b1037658d1c2966ce8bd12ea9887faac7a15

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/25/2024 2:47:41 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

PCK/Themida

7.11.30.172

File size:

1.2 MB (1,225,048 bytes)

Product version:

3.07.0003

Original file name:

qubnfe.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\qubnfe\qubnfe.exe

Digital Signature

Signed by:

Quartzo Desenvolvimento de Software Ltda.

Authority:

GoDaddy.com, Inc.

Valid from:

12/20/2012 8:35:17 AM

Valid to:

12/19/2013 2:51:54 PM

Subject:

CN=Quartzo Desenvolvimento de Software Ltda., OU=info@interapp.com.br, O=Quartzo Desenvolvimento de Software Ltda., L=Itatiba, S=SP, C=BR

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4B88AE7E9F70E7

File PE Metadata

Compilation timestamp:

9/13/2013 9:06:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:YY9MqBCF+5fUpaRrN9G0tAffCt+Q2iBBj30xqc7iN/tOzJ1m:/qqBCF+5fUpaJ1AfGBCccn1

Entry address:

0x47EC90

Entry point:

60, BE, 00, D0, 75, 00, 8D, BE, 00, 40, CA, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

1.1 MB (1,187,840 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

qubnfe

Command:

C:\Program Files\qubnfe\qubnfe.exe \auto

Scan qubnfe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.