home

AMHookTray.exe

BlueCielo

BlueCielo ECM Solutions BV

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AMHookTray64’. This is installed with BlueCielo Meridian Enterprise (x64).
Publisher:
BlueCielo ECM Solutions  (signed by BlueCielo ECM Solutions BV)

Product:
BlueCielo

Description:
BlueCielo Application Integration

Version:
9.2.2373.2373

MD5:
02654b8f2ef6a52f04583ec95617da99

SHA-1:
89ea03d8638545084ffd6e7c8106e5a91e9c9abf

SHA-256:
f585b8ddda9851c73d18779d016ef43545be8ec53eecedea17752699dfaa584c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 1:29:42 AM UTC  (today)

File size:
903.6 KB (925,312 bytes)

Product version:
9.2.2373.2373

Copyright:
Copyright © BlueCielo ECM Solutions 1998-2010

Original file name:
AMHookTray.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bc-meridian\program\amhooktray.exe

Digital Signature
Signed by:
BlueCielo ECM Solutions BV

Authority:
VeriSign, Inc.

Valid from:
7/9/2009 7:00:00 PM

Valid to:
7/9/2012 6:59:59 PM

Subject:
CN=BlueCielo ECM Solutions BV, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BlueCielo ECM Solutions BV, L=Rijswijk, S=Zuid-Holland, C=NL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0AA3E07680987177909DF427B3AAEE2E

File PE Metadata
Compilation timestamp:
4/11/2011 11:02:27 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:mBjmweZRyPrCCdOATJ3JeFJ8mpb8fVm9h9Lx+J:mdmxiPrCCdJTJ3Jeb8mpb8tChpx+J

Entry address:
0x2EBD4

Entry point:
48, 83, EC, 28, E8, 67, 04, 00, 00, 48, 83, C4, 28, E9, F6, FC, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, D2, 06, 00, 00, BA, 18, 00, 00, 00, E8, 5A, 01, 00, 00, 40, F6, C6, 01, 74, 09, 48, 8D, 4B, F8, E8, 0B, F3, FF, FF, 48, 8D, 43, F8, EB, 16, E8, AE, 06, 00, 00, 40, F6, C6, 01, 74, 08, 48, 8B, CB, E8, F2, F2, FF, FF, 48, 8B, C3, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, C3, CC, CC, CC...
 
[+]

Entropy:
5.6904

Code size:
513.5 KB (525,824 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AMHookTray64

Command:
C:\Program Files\bc-meridian\program\amhooktray.exe


The file AMHookTray.exe has been discovered within the following program.

BlueCielo Meridian Enterprise (x64)  by BlueCielo ECM Solutions
www.BlueCieloECM.com
About 8% of users remove it
 
Powered by Should I Remove It?

Scan AMHookTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.