home

haikeyuser_20345.exe

HTApp

Beijing HaitaiFangyuan High Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HaiKeyUser_20345’.
Publisher:
Beijing HaitaiFangyuan High Technology Co., Ltd.  (signed and verified)

Product:
HTApp

Description:
HTApp Microsoft

Version:
3, 6, 2009, 924

MD5:
a418bb00a0d5dc927cef2331526d401e

SHA-1:
0aa059187095f930773ba3a48f59480b98257b4c

SHA-256:
48fdd17de41d526419b7e86b31e0e2be5bd54c4b559e0e4846586d2d33760feb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:41:29 AM UTC  (today)

File size:
628.9 KB (644,000 bytes)

Product version:
3, 6, 2009, 924

Copyright:
Copyright (C) 2008

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gecsp20345\gecsp20345\haikeyuser_20345.exe

Digital Signature
Signed by:
Beijing HaitaiFangyuan High Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
11/15/2010 8:00:00 AM

Valid to:
11/22/2013 7:59:59 AM

Subject:
CN="Beijing HaitaiFangyuan High Technology Co., Ltd.", OU=Techsupport Dept, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing HaitaiFangyuan High Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7E683C04981E3C137CAFF24C7487EC27

File PE Metadata
Compilation timestamp:
7/22/2011 11:14:46 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x4F2D5

Entry point:
E8, D4, 99, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, D4, 1F, 48, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, D4, 1F, 48, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Entropy:
6.5243

Code size:
400 KB (409,600 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HaiKeyUser_20345

Command:
C:\Program Files\gecsp20345\gecsp20345\haikeyuser_20345.exe


Scan haikeyuser_20345.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.