home

APDeskHlp.exe

DoctorSoft AnyPC

Doctorsoft Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CoolGate’.
Publisher:
Doctorsoft  (signed by Doctorsoft Co., Ltd.)

Product:
DoctorSoft AnyPC

Description:
AnyPC DeskHelper

Version:
1, 0, 0, 25

MD5:
9ad8154b5a7777f1369614d30474db1e

SHA-1:
b4f5a45b92909cb0801133f3d6e6f8491880dc4e

SHA-256:
659fa221edfa294f7e84980e768687cde0d2cb4e6a3df6b0ff59348f2df9d9be

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 4:47:18 PM UTC  (today)

File size:
89.5 KB (91,648 bytes)

Product version:
1, 0, 0, 25

Copyright:
Copyright ⓒ 2009 by Doctorsoft

Original file name:
APDeskHlp.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\anypc server\apdeskhlp.exe

Digital Signature
Signed by:
Doctorsoft Co., Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/18/2008 3:08:51 AM

Valid to:
12/16/2010 5:00:10 AM

Subject:
CN="Doctorsoft Co., Ltd.", OU=Marketing Team, O="Doctorsoft Co., Ltd.", L=Gurogu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
3E3450F58F4FCBC77C596FA7F248C067

File PE Metadata
Compilation timestamp:
11/19/2009 3:55:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:0cwsv27hxhp7iSr0rcXUTI/Tu2vhAmt0kSln42:sN7x0Qy2vhnt0kSlnb

Entry address:
0x3120

Entry point:
E8, 36, 4A, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 89, 2F, 00, 00, 89, 45, 0C, 8B, 46, 0C, A8, 82, 59, 75, 17, E8, D2, 0C, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2D, 01, 00, 00, A8, 40, 74, 0D, E8, B7, 0C, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, A8, 10, 89, 5E, 04, 0F, 84, 85, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 66, A9, 0C, 01, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, 75, 2C...
 
[+]

Entropy:
5.8396

Code size:
52 KB (53,248 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CoolGate

Command:
C:\Program Files\anypc server\apdeskhlp.exe


Scan APDeskHlp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.