home

GrooveMonitor.exe

GrooveMonitor Utility

Microsoft Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GrooveMonitor’.
Publisher:
Microsoft Corporation

Product:
GrooveMonitor Utility

Version:
12.0.4518.1014

MD5:
4cd18b5550c3509aa8bcf447ae728897

SHA-1:
19d5b8f397fb2088d1d493a188f7c38b74848591

SHA-256:
abd95a46848440273cca885004c13b909885cc6f3d789d3d1a46a14af25c7146

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/20/2024 2:39:37 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Startup.MicrosoftCorporation.N
188861

File size:
98.3 KB (100,648 bytes)

Product version:
4.2.0.2623

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
GrooveMonitor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\microsoft office\office12\groovemonitor.exe

File PE Metadata
Compilation timestamp:
10/27/2006 10:53:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:49OrbUKZV2LSSsDjvCxFJwTRyWXasoFwiLBQaIu8OBDKbd0sBNZox1a1/nuPJSgO:49OrbUqwSStJNtS+Kbbd3oxSf8KW

Entry address:
0x2A96

Entry point:
60, 86, C1, 0F, BE, D1, 8D, 1D, CF, 83, 9A, A7, 84, E8, F6, C6, F8, 10, E3, 3D, 06, 72, 00, 00, 84, C1, 69, D8, C6, 67, 75, E0, B2, F9, F3, 73, 08, 80, E1, 07, 28, E8, 0F, AF, C8, 81, F9, CE, C6, 00, 00, 71, 03, C6, C4, F0, E8, 00, 00, 00, 00, 58, 81, FD, 86, 4F, 00, 00, 73, 07, 80, DE, A0, 87, D2, FF, CE, FE, CA, 0F, BF, D5, 84, C2, 73, 07, 88, E6, 8B, D1, 0F, AF, F0, 86, FB, 11, EA, 81, C1, 72, 12, 00, 00, 89, CA, 8D, 35, 59, 50, 14, 20, 81, C2, AE, AD, 3E, 01, 81, E9, 3F, 09, 00, 00, FF, CA, 0F, AF, EF...
 
[+]

Entropy:
7.6961

Code size:
10.5 KB (10,752 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GrooveMonitor

Command:
"C:\Program Files\microsoft office\office12\groovemonitor.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unlimited2.hosted-by.dimofinf.net  (85.17.216.23:80)

TCP (HTTP):
Connects to server-46.45.167.150.as42926.net  (46.45.167.150:80)

TCP (HTTP):
Connects to 2363210.sites.myregisteredsite.com  (209.237.150.20:80)

Scan GrooveMonitor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.