home

ekt_websocket_server.exe

SOFTELEVEN Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Easykeytec Server’.
Publisher:
SOFTELEVEN Co.,Ltd.  (signed and verified)

MD5:
7b9a18608a6106fddc882a393f5b5411

SHA-1:
859f583120b45bbaabc8aeea5617dc882337e0bb

SHA-256:
2be1805472509d2837710627be72709f312ea0b18da940296aa9e6ee6f00accb

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 8:44:27 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

File size:
347.1 KB (355,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wideline\easykeytec v2.2\ekt_websocket_server.exe

Digital Signature
Signed by:
SOFTELEVEN Co.,Ltd.

Authority:
Thawte, Inc.

Valid from:
12/12/2013 9:00:00 AM

Valid to:
12/13/2015 8:59:59 AM

Subject:
CN="SOFTELEVEN Co.,Ltd.", OU=IT Team, O="SOFTELEVEN Co.,Ltd.", L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
69DA57D70128986AFB8AE63D82E98E94

File PE Metadata
Compilation timestamp:
12/8/2015 10:55:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
6144:TQvYjf61sHJAHOjgtaqaddqRfJPwcsH7PsXILFHJr73FF:TUYT64sOcvadIbwcUBLz3FF

Entry address:
0x1D09E

Entry point:
E8, 0B, 04, 00, 00, E9, 7A, FE, FF, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 53, 56, 6A, 17, E8, 6C, 06, 00, 00, 85, C0, 74, 05, 8B, 4D, 08, CD, 29, 33, F6, 8D, 85, DC, FC, FF, FF, 68, CC, 02, 00, 00, 56, 50, 89, 35, CC, 25, 45, 00, E8, C3, 54, 00, 00, 83, C4, 0C, 89, 85, 8C, FD, FF, FF, 89, 8D, 88, FD, FF, FF, 89, 95, 84, FD, FF, FF, 89, 9D, 80, FD, FF, FF, 89, B5, 7C, FD, FF, FF, 89, BD, 78, FD, FF, FF, 66, 8C, 95, A4, FD, FF, FF, 66, 8C, 8D, 98, FD, FF, FF, 66, 8C, 9D, 74, FD, FF, FF, 66, 8C, 85, 70, FD...
 
[+]

Entropy:
6.4832

Code size:
241.5 KB (247,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Easykeytec Server

Command:
C:\Program Files\wideline\easykeytec v2.2\ekt_websocket_server.exe


Scan ekt_websocket_server.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.