» Handstar.exe
Overview
Analysis
File Details
Behaviors (1)

Handstar.exe

sh Handstar

Shenzhen Huion Animation Technology Co.,LTD

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HandWrite’.

File name:

Handstar.exe

Publisher:

sh (signed by Shenzhen Huion Animation Technology Co.,LTD)

Product:

sh Handstar

Description:

Handstar

Version:

1, 0, 0, 1

MD5:

9524ffe8b788c97ca4ed8786a651bba2

SHA-1:

a80d8a53a2c9c91d0ce5cefb850edaf286f5cd50

SHA-256:

2a6551517bc277ad2160ba47a2296115536e9a65b49c6a10eda38ad75a458174

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/5/2024 1:29:19 AM UTC (today)

File size:

6.5 MB (6,808,288 bytes)

Product version:

1, 0, 0, 1

Original file name:

Handstar.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\handwrite\handstar.exe

Digital Signature

Signed by:

Shenzhen Huion Animation Technology Co.,LTD

Authority:

Symantec Corporation

Valid from:

2/2/2015 8:00:00 AM

Valid to:

2/3/2016 7:59:59 AM

Subject:

CN="Shenzhen Huion Animation Technology Co.,LTD", O="Shenzhen Huion Animation Technology Co.,LTD", L=Shenzhen, S=Guangdong, C=CN

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

4E659FB1DABC40A03D0FD8A61B3609A3

File PE Metadata

Compilation timestamp:

4/9/2015 1:16:29 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:/HjJfyHXl7M/wko7jgh+chSMDVXiWzlan5HcgXihv5hbwVCqtUgNhCL2wlVFpRC4:Iu7V270P6NLQtNqk

Entry address:

0x277FCC

Entry point:

E9, 7F, A9, 43, 00, E9, AA, BE, 42, 00, E9, 65, AD, 35, 00, E9, 30, 8A, 13, 00, E9, 0B, 0E, 11, 00, E9, 06, D1, 07, 00, E9, B1, 19, 42, 00, E9, 5C, F0, 2F, 00, E9, F7, EF, 0C, 00, E9, 12, 15, 02, 00, E9, 2D, DA, 2B, 00, E9, 88, A1, 3F, 00, E9, 83, C7, 2C, 00, E9, AE, 25, 1E, 00, E9, A9, 72, 1A, 00, E9, D4, D3, 08, 00, E9, 9F, 56, 33, 00, E9, EA, 50, 29, 00, E9, 15, A8, 28, 00, E9, 30, D1, 1C, 00, E9, EB, 45, 0C, 00, E9, 46, 8C, 16, 00, E9, 51, 84, 0E, 00, E9, EC, 03, 0E, 00, E9, C7, 14, 3F, 00, E9, 02, 56... 
[+]

Entropy:

5.4928

Developed / compiled with:

Microsoft Visual C++ 8.0 (Debug)

Code size:

5 MB (5,224,448 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HandWrite

Command:

C:\Program Files\handwrite\handstar.exe

Scan Handstar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.