You will typically find this executable after installing:
Important: If you do not use any Amped Software products or a customized QuickBooks environment, the presence of `amped-qbpatch.exe` is highly irregular and should be investigated.
Notable strings found:
```
C:\ProgramData\Ample\patch.bat
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
qbpatch32.dll
http://update.ample[.]com/patch/qb/latest.bin
amp_sound_keygen.exe
--force --silent
DeleteFileA
```
These strings indicate:
| Attribute | Value |
|-----------|-------|
| Compile Time | [Check with pesec or exiftool] |
| Entropy | [High entropy suggests packing/encryption] |
| Digital Signature | Absent / Invalid |
| Imported DLLs | Kernel32, User32, Advapi32, Wininet, Shell32 |
| Suspicious Imports | WinExec, CreateRemoteThread, RegSetValue, URLDownloadToFile |
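
To fill in the entropy row and check a file for the imports and autorun key listed above, a small static triage script helps. This is an added example, not part of the original page. It matches import names as substrings of extracted ASCII strings rather than parsing the PE import table, and the 7.2 bits-per-byte threshold and the sample bytes are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Names taken from the page's "Suspicious Imports" row and string list.
SUSPICIOUS_IMPORTS = ("WinExec", "CreateRemoteThread", "RegSetValue", "URLDownloadToFile")
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def ascii_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs, similar to the `strings` utility (UTF-16 is not covered)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data: bytes, entropy_threshold: float = 7.2) -> dict:
    """Summarise static indicators; the 7.2 threshold is an assumed rule of thumb."""
    joined = "\n".join(ascii_strings(data))
    entropy = shannon_entropy(data)
    return {
        "entropy": round(entropy, 2),
        "likely_packed": entropy >= entropy_threshold,
        "suspicious_imports": [n for n in SUSPICIOUS_IMPORTS if n in joined],
        "run_key_reference": RUN_KEY.lower() in joined.lower(),
        "urls": re.findall(r"https?://[^\s\"']+", joined),
    }

# Constructed sample bytes standing in for a file read with open(path, "rb").read().
SAMPLE = b"\x00".join([
    b"MZ",
    rb"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    b"URLDownloadToFileA",
    b"RegSetValueExA",
    b"http://example.invalid/latest.bin",
    b"--force --silent",
])

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A hit on any single field is a reason to look closer, not a verdict: legitimate installers also download files and write Run keys, so weigh the results together with the signature status.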