» ecp.exe
Overview
Analysis
File Details
Behaviors (1)

ecp.exe

Nikolay Kuznetsov

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Easy Copy Paste’.

File name:

ecp.exe

Publisher:

Nikolay Kuznetsov (signed and verified)

MD5:

d90d9f1c26eae5daac5dbf5df32b6983

SHA-1:

a62e6b30c6756764d97d11612d36e0044a6da5b3

SHA-256:

2a790585fb69d8dedd203325e40177059c5668a2a0ca87fbc11c2169fc38230f

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/24/2024 12:52:33 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Artemis!D90D9F1C26EA

5600.6450

Total Defense

Win32/Inject.C!generic

37.1.62.1

File size:

61 KB (62,504 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\softexe\easy copy paste\ecp.exe

Digital Signature

Signed by:

Nikolay Kuznetsov

Authority:

StartCom Ltd.

Valid from:

5/15/2012 11:45:29 PM

Valid to:

5/16/2014 10:40:39 PM

Subject:

E=adasoft@gmail.com, CN=Nikolay Kuznetsov, L=Kostroma, S=Kostroma Oblast, C=RU, Description=4nYnxiuzB4w6gL2G

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0626

File PE Metadata

Compilation timestamp:

10/10/2013 9:01:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.50

CTPH (ssdeep):

1536:rq4wAvl6osd/jxJLF83PEbaifawdfOdSF1:+4wel6ocjxJxacaWawd71

Entry address:

0x1000

Entry point:

68, 98, 00, 00, 00, 68, 00, 00, 00, 00, 68, 6C, F2, 40, 00, E8, 30, 30, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 29, 30, 00, 00, A3, 70, F2, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 16, 30, 00, 00, A3, 6C, F2, 40, 00, E8, 6C, 9E, 00, 00, E8, 17, 9D, 00, 00, E8, 0F, 93, 00, 00, E8, DD, 92, 00, 00, E8, B4, 92, 00, 00, E8, 26, 92, 00, 00, E8, 3E, 88, 00, 00, E8, 0A, 86, 00, 00, E8, D9, 6E, 00, 00, E8, E8, 5A, 00, 00, E8, C9, 55, 00, 00, E8, DA, 53, 00, 00, E8, 41, 48, 00, 00... 
[+]

Entropy:

6.4260

Packer / compiler:

PKLITE32, 0x1.1

Code size:

42 KB (43,008 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Easy Copy Paste

Command:

C:\users\{user}\appdata\roaming\softexe\easy copy paste\ecp.exe

Scan ecp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.