» EloDkMon.exe
Overview
Analysis
File Details
Behaviors (1)

EloDkMon.exe

Tyco Electronics Touchscreen Driver Package for XP/Vista/Win7

Tyco Electronics

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EloDkMon’.

File name:

EloDkMon.exe

Publisher:

Elo Touchsystems (signed by Tyco Electronics)

Product:

Tyco Electronics Touchscreen Driver Package for XP/Vista/Win7

Description:

Strings in English for Elo touchmonitors

MD5:

419ddb961a9ddf20c22cf61ad89fa9c2

SHA-1:

166a8935e57d8a4b98a7b40876b89c5702c63308

SHA-256:

33273ebd63ee730c7f57d7c2f13c6cbe44f8d3aae083075c617d4cdfaf567c87

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 5:22:47 PM UTC (today)

File size:

346.6 KB (354,896 bytes)

Product version:

5.4.1.0B

Original file name:

EloDkMon.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\elo touchsystems\elodkmon.exe

Digital Signature

Signed by:

Tyco Electronics

Authority:

VeriSign, Inc.

Valid from:

9/17/2009 8:00:00 PM

Valid to:

9/17/2012 7:59:59 PM

Subject:

CN=Tyco Electronics, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tyco Electronics, L=Menlo Park, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5D0063959E381057DE7B823B877E0465

File PE Metadata

Compilation timestamp:

3/9/2012 7:13:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:hzZ9WmoFCrbsITyXnUDPf8cFE4fOzVN91JjRow0CGa0+IGJsDTy/DIvJ25f:hzZ1oFUbsImXUD3/fO79vACGLRGQNu

Entry address:

0x8ED5

Entry point:

E8, 7A, 82, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 54, 49, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 4F, 0F, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, 34, 0F, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00... 
[+]

Entropy:

6.4877

Code size:

93.5 KB (95,744 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

EloDkMon

Command:

"C:\Program Files\elo touchsystems\elodkmon.exe"

Scan EloDkMon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.