home

eMATE ON.exe

eMATE ON

Saerom Information Systems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘eMATE ON’.
Publisher:
Saerom Information Systems, Inc.  (signed and verified)

Product:
eMATE ON

Version:
2, 6, 68, 2

MD5:
a590ebdf0dde7224c045eb69c944dc8c

SHA-1:
64831271834f0e93325d3ddc0b6df857cdbe5a9b

SHA-256:
0430662805c4f6dec79476ce724e7bfc92837195eb5163f216074be72cc61086

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 5:19:17 AM UTC  (today)

File size:
2.6 MB (2,747,176 bytes)

Product version:
2, 6, 68, 2

Copyright:
(C) Saerom Information Systems, Inc.

Original file name:
eMATE ON.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\kic\emate on\emate on.exe

Digital Signature
Signed by:
Saerom Information Systems, Inc.

Authority:
thawte, Inc.

Valid from:
5/13/2016 1:00:00 AM

Valid to:
7/13/2018 12:59:59 AM

Subject:
CN="Saerom Information Systems, Inc.", O="Saerom Information Systems, Inc.", L=Geumcheon-gu, S=Seoul, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35E4F8ECB35921E826AE00E2C27CE03B

File PE Metadata
Compilation timestamp:
6/29/2016 8:18:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:eBpQH1PEYQ65vzN/rlDumkpEP77joxcwpEB:eBpQH1PErwvfDumkpEj/1wM

Entry address:
0x1F319A

Entry point:
55, 8B, EC, 6A, FF, 68, 80, 82, 64, 00, 68, A4, 33, 5F, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 80, 2F, 63, 00, 59, 83, 0D, D8, 7A, 6A, 00, FF, 83, 0D, DC, 7A, 6A, 00, FF, FF, 15, 7C, 2F, 63, 00, 8B, 0D, BC, 75, 6A, 00, 89, 08, FF, 15, 78, 2F, 63, 00, 8B, 0D, B8, 75, 6A, 00, 89, 08, A1, 70, 2F, 63, 00, 8B, 00, A3, D4, 7A, 6A, 00, E8, C8, 01, 00, 00, 39, 1D, 40, A9, 69, 00, 75, 0C, 68, CE, 33, 5F, 00, FF, 15, 6C, 2F...
 
[+]

Entropy:
6.2027

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
2.2 MB (2,297,856 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eMATE ON

Command:
C:\Program Files\kic\emate on\emate on.exe


Scan eMATE ON.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.