home

ExTOUCHstartup.exe

ExTOUCH

2ndFACTORY CO., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ExTOUCH’.
Publisher:
2ndFACTORY Co.,Ltd.  (signed by 2ndFACTORY CO., Ltd.)

Product:
ExTOUCH

Description:
ExTOUCH startup

Version:
1.0.0.0

MD5:
7ca1e4af065da77f9d8f20b1ed9f7245

SHA-1:
2377c1da1f472d4151c900077b4d98d8dada2b4a

SHA-256:
e12ddf01dad1119e6504968651676ab7bf66a3790db94ecdb63d33f73f2a3611

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 12:28:23 AM UTC  (today)

File size:
52.4 KB (53,680 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2011 2ndFACTORY Co.,Ltd. All Rights Reserved.

Original file name:
ExTOUCHstartup.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\2ndfactory\extouch\extouchstartup.exe

Digital Signature
Signed by:
2ndFACTORY CO., Ltd.

Authority:
VeriSign, Inc.

Valid from:
5/30/2012 9:00:00 AM

Valid to:
5/31/2013 8:59:59 AM

Subject:
CN="2ndFACTORY CO., Ltd.", OU=Sales, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="2ndFACTORY CO., Ltd.", L=Fuchu-shi, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1CAC33D63F2475D705823A3FBB81FD1C

File PE Metadata
Compilation timestamp:
12/15/2011 12:23:00 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:EnzQljdPuTJjYUmL9Wj6BpnbAbdXGkDfq3XZCD/CL6YyAIILq/:oexuT/ngbAbdXBC0GL6/Ym/

Entry address:
0x1D90

Entry point:
48, 83, EC, 28, E8, 3B, 21, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, 58, B0, 00, 00, 33, D2, FF, 15, D0, 52, 00, 00, 85, C0, 75, 17, E8, 7B, 09, 00, 00, 48, 8B, D8, FF, 15, 96, 52, 00, 00, 8B, C8, E8, 23, 09, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 49, 83, F8, 08, 72, 53, 0F, B6, D2, 49, B9, 01, 01...
 
[+]

Entropy:
5.9152

Code size:
23.5 KB (24,064 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ExTOUCH

Command:
C:\Program Files\2ndfactory\extouch\extouchstartup.exe


Scan ExTOUCHstartup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.