home

eyefoo.exe

眼睛护士(EyeFoo)

Henxi Technology Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘EyeFoo3’.
Publisher:
EyeFoo.com  (signed by Henxi Technology Co., Ltd.)

Product:
眼睛护士(EyeFoo)

Description:
眼睛护士-提醒休息,保护眼睛的健康软件

Version:
3.0.18.301

MD5:
055c2aee2885ddb414d25f931668696f

SHA-1:
93d052f17aa330dee9ba02940010d3254885bbc6

SHA-256:
8d4b621c484c2d812d89994b8b96c8c2be999294e2b523074a0fa0848df8c9a3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 8:45:43 AM UTC  (today)

File size:
710.2 KB (727,216 bytes)

Product version:
3.0.18.301

Copyright:
版权所有 (C) 眼睛护士开发组 保留所有权利

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\eyefoo3\eyefoo.exe

Digital Signature
Signed by:
Henxi Technology Co., Ltd.

Authority:
COMODO CA Limited

Valid from:
2/13/2012 8:00:00 AM

Valid to:
2/13/2013 7:59:59 AM

Subject:
CN="Henxi Technology Co., Ltd.", O="Henxi Technology Co., Ltd.", STREET="4th floor 31 (D20), Area A,Jinhui Building", STREET=West Of Nanyou Road, STREET=Nanshan District, L=ShenZhen, S=GuangDong, PostalCode=518000, C=CN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DBEF5677035DCE561D6070823A0218CA

File PE Metadata
Compilation timestamp:
8/24/2012 10:42:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:pAkGlPHNT92WMSK+St1ueWN4HCE9NmBuvFzTjz1SQjq:pAzlPF92PCKCE9NcWjpSQjq

Entry address:
0x5C90C

Entry point:
E8, EF, 61, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, EC, 11, 48, 00, E8, 72, 62, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, C6, A9, FD, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, BF, 62, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 3B, 0D, 00, 17, 4A, 00, 75, 02, F3, C3, E9, 2E, 63, 00, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 72, 2A, 00, 00, 6A, 16, 5E, 89, 30, 57...
 
[+]

Entropy:
6.3348

Code size:
488 KB (499,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EyeFoo3

Command:
C:\Program Files\eyefoo3\eyefoo.exe


Scan eyefoo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.