» qubnfe.exe
Overview
Analysis
File Details
Behaviors (1)

qubnfe.exe

qubnfe

Quartzo Desenvolvimento de Software Ltda.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘qubnfe’.

File name:

qubnfe.exe

Publisher:

Quartzo Desenvolvimento de Software Ltda. (signed by Quartzo Desenvolvimento de Software Ltda.)

Product:

qubnfe

Version:

4.00.0009

MD5:

4856aa982709fafb43641cd1e55b9c28

SHA-1:

3025ba8685b76dfb8e9a5ef5ab1ad3a581f5affd

SHA-256:

8492fba8209a10f72309567e8ae8c0d43a4fba9dfa4fcc51364f5f010635e126

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 8:47:01 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.InstallBrain

2.1.4+

F-Prot

W32/Ructo.A.gen

4.6.5.141

File size:

1.1 MB (1,130,808 bytes)

Product version:

4.00.0009

Original file name:

qubnfe.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\qubnfe\qubnfe.exe

Digital Signature

Signed by:

Quartzo Desenvolvimento de Software Ltda.

Authority:

GoDaddy.com, Inc.

Valid from:

12/5/2013 9:15:02 AM

Valid to:

12/19/2014 4:51:54 PM

Subject:

CN=Quartzo Desenvolvimento de Software Ltda., O=Quartzo Desenvolvimento de Software Ltda., L=Itatiba, S=São Paulo, C=BR

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B298821C190FF

File PE Metadata

Compilation timestamp:

5/22/2014 4:58:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:5KzOxwbpOzRlh3TIHHOl1G0cw9CL7B+sKjKG3c05/ojCkCo:5wiwbpONlh3gHOl1G0hI4s85gekCo

Entry address:

0x4F1AE0

Entry point:

60, BE, 00, 70, 7E, 00, 8D, BE, 00, A0, C1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

1 MB (1,093,632 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

qubnfe

Command:

C:\Program Files\qubnfe\qubnfe.exe \auto

Scan qubnfe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.