» qubnfe.exe
Overview
Analysis
File Details
Behaviors (1)

qubnfe.exe

qubnfe

Quartzo Desenvolvimento de Software Ltda.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘qubnfe’.

File name:

qubnfe.exe

Publisher:

Quartzo Desenvolvimento de Software Ltda. (signed by Quartzo Desenvolvimento de Software Ltda.)

Product:

qubnfe

Description:

Qubnfe Module

Version:

2.06.0004

MD5:

24debfac2210e7129659b8df6d2d3832

SHA-1:

ae9675c26fcacd2779268426380fa1f8aa2c8ea6

Scanner detections:

4 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/27/2024 2:04:56 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.792392.106

7.11.76.98

K7 AntiVirus

Trojan

13.166.8625

Trend Micro House Call

PAK_Generic.001

7.2.29

Trend Micro

PAK_Generic.001

10.465.29

File size:

773.8 KB (792,392 bytes)

Product version:

2.06.0004

Original file name:

qubnfe.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\qubnfe\qubnfe.exe

Digital Signature

Signed by:

Quartzo Desenvolvimento de Software Ltda.

Authority:

GoDaddy.com, Inc.

Valid from:

12/7/2010 6:26:27 PM

Valid to:

12/7/2011 6:26:27 PM

Subject:

CN=Quartzo Desenvolvimento de Software Ltda., O=Quartzo Desenvolvimento de Software Ltda., L=Itatiba, S=SP, C=BR

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B60C7D3AD688E

File PE Metadata

Compilation timestamp:

12/28/2010 8:12:42 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:jX/ARz6wA6BrGPnXYY4tXi9SM0YxNyLSfvWQXUfS/5iNS3fQXtlHDsB7z:rAd3YAYMXicMyLSFXeSBjf2lg

Entry address:

0x2A19C0

Entry point:

60, BE, 00, 90, 5E, 00, 8D, BE, 00, 80, E1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

740 KB (757,760 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

qubnfe

Command:

C:\Program Files\qubnfe\qubnfe.exe \auto

Scan qubnfe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.