quiknowledge-setup-1.9.0.3.exe

QUIKNOWLEDGE

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application quiknowledge-setup-1.9.0.3.exe, “Quiknowledge Setup” by QUIKNOWLEDGE, has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
QUIKNOWLEDGE  (signed and verified)

Product:
Quiknowledge

Description:
Quiknowledge Setup

Version:
1.9.0.3

MD5:
11aaf3565783a846d59a4008d367cc8b

SHA-1:
6a381f6d246a85fc310ba96e0741a33b14eca3c4

SHA-256:
b76ccebbaa253ab8e144cfe891cef5985535eb7a5e6d10701c0f54d6019b2b29

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/24/2024 10:14:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.NYA | 1002 |
| Bitdefender | Adware.Agent.NYA | 1.0.20.640 |
| Dr.Web | Adware.Plugin.101 | 9.0.1.0128 |
| Emsisoft Anti-Malware | Adware.Agent.NYA | 8.14.05.08.03 |
| F-Secure | Adware.Agent.NYA | 11.2014-08-05_5 |
| G Data | Adware.Agent.NYA | 14.5.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.Quiknowledge.A | v2014.05.08.03 |
| MicroWorld eScan | Adware.Agent.NYA | 15.0.0.384 |
| NANO AntiVirus | Trojan.Win32.Plugin.cumlto | 0.28.0.59608 |
| nProtect | Adware.Agent.NYA | 14.04.29.01 |
| Reason Heuristics | PUP.Installer.QUIKNOWLEDGE.X | 14.5.8.15 |
| Sophos | QuickKnowledge | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0421 | 7.2.128 |
| VIPRE Antivirus | Adware.Agent | 28688 |

File size:
1.1 MB (1,119,352 bytes)

Product version:
1.9.0.3

Copyright:
(c) 2013 Quiknowledge

Original file name:
quiknowledge-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\29334883_stp\quiknowledge-setup-1.9.0.3.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/9/2013 5:08:06 AM

Valid to:
8/10/2014 5:08:06 AM

Subject:
E=support@quiknowledge.com, CN=QUIKNOWLEDGE, OU=QUIKNOWLEDGE, O=QUIKNOWLEDGE, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DF7C70666AA82F10CCD4461A39593E7F

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ba4iEcZs867IqMP7vnuPHtPon4XE/6kBEt9TD:4EIh6czfuP30lKD

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.8144

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)