home

quhlpsvc.exe

Quick Heal AntiVirus

Quick Heal Technologies (Pvt) Ltd.

The executable quhlpsvc.exe, “Quick Update Helper Service” has been detected as malware by 5 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “Quick Update Service”.
Publisher:
Quick Heal Technologies (P) Ltd.  (signed by Quick Heal Technologies (Pvt) Ltd.)

Product:
Quick Heal AntiVirus

Description:
Quick Update Helper Service

Version:
9.0.0.1

MD5:
19e9e3edad59facf22edc401c89254d7

SHA-1:
2b507d480187f200fc9f0f37f2cc8332d0e4ef82

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/20/2024 3:30:25 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Sality.Patched
8.3.2.4

F-Prot
W32/Patched.Y.gen
v6.4.7.1.166

McAfee
Artemis!19E9E3EDAD59
5600.6489

Qihoo 360 Security
Win32/Virus.7c2
1.0.0.1077

Rising Antivirus
PE:Junk.FileBroken!1.9A81 [F]
23.00.65.16213

File size:
124.6 KB (127,600 bytes)

Product version:
16.00

Copyright:
© Quick Heal Technologies (P) Ltd. All rights reserved.

Original file name:
quhlpsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\quick heal\quick heal total security\quhlpsvc.exe

Digital Signature
Signed by:
Quick Heal Technologies (Pvt) Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/14/2013 5:30:00 AM

Valid to:
10/13/2016 5:29:59 AM

Subject:
CN=Quick Heal Technologies (Pvt) Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Quick Heal Technologies (Pvt) Ltd., L=Pune, S=Maharashtra, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1B1E84B021B58A4729D1069BA28480BB

File PE Metadata
Compilation timestamp:
8/27/2014 3:25:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:+J2MI+q2aFCzdN+kjnmbBTCmz7bc73YF5iJT:+JdI5tFCzdNwbBTCinc7Iat

Entry address:
0xBA07

Entry point:
C3, C3, C3, C3, C3, C3, C3, C3, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 89, D3, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 70, E2, 41, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 
[+]

Entropy:
6.5125

Code size:
93 KB (95,232 bytes)

Service
Display name:
Quick Update Service

Type:
Win32OwnProcess


Remove quhlpsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.