» hantoolagent.exe
Overview
Analysis
File Details
Behaviors (1)

hantoolagent.exe

주식회사 캔싱

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HantoolAgent’.

File name:

hantoolagent.exe

Publisher:

Canthing, Inc. (signed by 주식회사 캔싱)

Description:

인천소방본부 101.19.100.224

Version:

4, 0, 0, 1

MD5:

806261eef638fb1b20b45bdbe742a8bb

SHA-1:

4d5118152a3bcdeadbbd18e764f882b1e9d7ac09

SHA-256:

23a4de045a4c6782cb12716dc48ab4c29c79b335b705bb2e1267adcd7a4bb7c3

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

6/15/2024 9:56:25 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.eHeur.Downloader

1.3.0.7400

File size:

632.3 KB (647,504 bytes)

Product version:

4, 0, 0, 1

Original file name:

hantoolagent.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hantoolagent\hantoolagent.exe

Digital Signature

Signed by:

주식회사 캔싱

Authority:

thawte, Inc.

Valid from:

1/8/2015 9:00:00 AM

Valid to:

4/9/2016 8:59:59 AM

Subject:

CN=주식회사 캔싱, OU=Dev. Team, O=주식회사 캔싱, L=Yongsan-gu, S=SEOUL, C=KR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

5B3649FE7DEC352A9EC7048A55DED5F1

File PE Metadata

Compilation timestamp:

7/29/2015 4:24:46 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:JUeehBFtfSnA7t9nElp3XJTXHEWqmaMNQqicAM6vcKspkQriAZ:XgJfIctozTXkWqmjlgMdriAZ

Entry address:

0x37820

Entry point:

8B, FF, 55, 8B, EC, E8, 46, 9F, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, 80, D9, 47, 00, 68, E0, 89, 43, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 94, 53, 56, 57, A1, F0, 42, 48, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, B8, A1, 46, 00, C7, 45, FC, FE, FF, FF, FF, EB, 26, B8, 01, 00, 00, 00, C3, 8B, 65, E8, C7... 
[+]

Entropy:

6.2721

Code size:

419.5 KB (429,568 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HantoolAgent

Command:

C:\Program Files\hantoolagent\hantoolagent.exe

Scan hantoolagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.