home

eMATESM_Tray.EXE

eMATESM_Tray

Saerom Information Systems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Scourt Session Manager’.
Publisher:
Saerom Information Systems, Inc.  (signed and verified)

Product:
eMATESM_Tray

Version:
1, 0, 4, 1

MD5:
7b34018ce7ae1ef9deca640a157d4fa3

SHA-1:
2eb73db943fd99060f70319e9eba0748ceb6a3cd

SHA-256:
8e18ae61013724e19acd6a55a25a7ecb64af51944621120916cab5fcec1a2fe5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:41:05 AM UTC  (today)

File size:
61.5 KB (62,944 bytes)

Product version:
1, 0, 4, 1

Copyright:
Copyright (C) Saerom Information Systems, Inc.

Original file name:
eMATESM_Tray.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\ematesm_tray.exe

Digital Signature
Signed by:
Saerom Information Systems, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/18/2008 2:16:55 PM

Valid to:
3/18/2010 2:16:55 PM

Subject:
CN="Saerom Information Systems, Inc.", OU=R&D Center, O="Saerom Information Systems, Inc.", L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
535C555A2DE452752FC604509B4A67C3

File PE Metadata
Compilation timestamp:
12/9/2009 6:04:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x54CD

Entry point:
55, 8B, EC, 6A, FF, 68, C0, 6A, 40, 00, 68, 54, 56, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, D0, 62, 40, 00, 59, 83, 0D, D4, 84, 40, 00, FF, 83, 0D, D8, 84, 40, 00, FF, FF, 15, D4, 62, 40, 00, 8B, 0D, C8, 84, 40, 00, 89, 08, FF, 15, D8, 62, 40, 00, 8B, 0D, C4, 84, 40, 00, 89, 08, A1, DC, 62, 40, 00, 8B, 00, A3, D0, 84, 40, 00, E8, 17, 01, 00, 00, 39, 1D, E0, 83, 40, 00, 75, 0C, 68, 50, 56, 40, 00, FF, 15, E0, 62...
 
[+]

Entropy:
5.6283

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Scourt Session Manager

Command:
C:\Windows\System32\ematesm_tray.exe


Scan eMATESM_Tray.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.