» DEP2012AutoReg.exe
Overview
Analysis
File Details
Behaviors (1)

DEP2012AutoReg.exe

Dewan Eja Pro 2012

The Name Technology Sdn. Bhd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DEP2012AutoReg’.

File name:

DEP2012AutoReg.exe

Publisher:

The Name Technology Sdn. Bhd. (signed and verified)

Product:

Dewan Eja Pro 2012

Description:

Dewan Eja Pro 2012 Auto Registration

Version:

2.0.1.4

MD5:

d3836aab6208b20e2d4f98603b3b1cac

SHA-1:

2e034ac44321e2fb2e4899edf037c67478f92b5b

SHA-256:

dca42f8fa68efd5730031584d325e548aa37367676c712f1a3b101337e8b4aa9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 9:31:36 PM UTC (today)

File size:

1.3 MB (1,383,424 bytes)

Product version:

2.0.1.4

Original file name:

DEP2012AutoReg.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\the name technology\dewan eja pro 2012\dep2012autoreg.exe

Digital Signature

Signed by:

The Name Technology Sdn. Bhd.

Authority:

Thawte, Inc.

Valid from:

1/30/2011 8:00:00 AM

Valid to:

1/30/2013 7:59:59 AM

Subject:

CN=The Name Technology Sdn. Bhd., OU=Secure Application Development, O=The Name Technology Sdn. Bhd., L=Cyberjaya, S=Selangor, C=MY

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

275B5223B46BD00091E7CB139C898EFB

File PE Metadata

Compilation timestamp:

11/16/2011 2:14:00 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:Fw0+amgeJ97ggVhA0CCmAuww7tOjWUObagQ0ifjvwL4BS8IakxmydJ/0:Fo+0Dq033w6MVcTwkqhs

Entry address:

0x2D4000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 40, 11, 00, 2D, 9E, 0A, 6B, 00, 05, 93, 0A, 6B, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, D5, 2D, B7, 59, 68, 00, 1F, B3, 0D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 47, 02, 01, 5A, BD, 6B, 67, 1A, 45, 12, 3A, 87, AC, 17... 
[+]

Entropy:

7.8722 (probably packed)

Code size:

316 KB (323,584 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DEP2012AutoReg

Command:

"C:\Program Files\the name technology\dewan eja pro 2012\dep2012autoreg.exe"

Scan DEP2012AutoReg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.