bufmonitor.exe

Lenovo Hard Disk Protection System Auxiliary

Xi'an Saming Technology Co., Ltd.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key, under the value name ‘bufmon’.
Publisher:
Xi'an Saming Technology Co., Ltd.  (signed and verified)

Product:
Lenovo Hard Disk Protection System Auxiliary (联想硬盘保护系统辅助)

Description:
Dynamic buffer monitoring program (动态缓冲区监视程序)

Version:
2, 0, 0, 4672

MD5:
a19da03d256a8dbcc6f13cad4ea4fd82

SHA-1:
b8118c1a67f48e99585e48a5c26550503610489f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 2:47:38 PM UTC

File size:
50.5 KB (51,744 bytes)

Product version:
2, 0, 0, 4672

Copyright:
Copyright (C) 2009 Xi'an Saming Technology Co., Ltd. (版权所有(C) 2009 西安三茗科技有限责任公司)

Original file name:
BufferMonitor.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\lenovo\bufmonitor.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/7/2007 8:00:00 AM

Valid to:
12/7/2010 7:59:59 AM

Subject:
CN="Xi'an Saming Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Xi'an Saming Technology Co., Ltd.", L=Xi'an, S=ShanXi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2D96DFEFFB9054622018ADC22F170388

File PE Metadata
Compilation timestamp:
12/26/2009 10:47:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:6rdQqAE/NYVGbx3OBBLOnYzjedqg5wOcF15YPLAmkbN4:KDAEV+FBYCedqg5UYPLAN4

Entry address:
0x37F0

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 4A, 40, 00, 68, 80, 39, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 28, 43, 40, 00, 59, 83, 0D, 40, 65, 40, 00, FF, 83, 0D, 44, 65, 40, 00, FF, FF, 15, 2C, 43, 40, 00, 8B, 0D, 20, 65, 40, 00, 89, 08, FF, 15, 30, 43, 40, 00, 8B, 0D, 1C, 65, 40, 00, 89, 08, A1, 34, 43, 40, 00, 8B, 00, A3, 3C, 65, 40, 00, E8, 4E, 01, 00, 00, 39, 1D, E0, 63, 40, 00, 75, 0C, 68, AA, 39, 40, 00, FF, 15, 38, 43...
 

Entropy:
4.7894

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
bufmon

Command:
C:\Windows\System32\lenovo\bufmonitor.exe

