home

hantoolagent.exe

HantoolPro 2014 Agent

주식회사 캔싱

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HantoolAgent’.
Publisher:
Canthing, Inc.  (signed by 주식회사 캔싱)

Product:
HantoolPro 2014 Agent

Description:
Hantool Agent

Version:
4, 0, 0, 1

MD5:
ba21fcde1cb49e54b4ef609031af8621

SHA-1:
eb345f24dfe8aba5c493b4c8069334b819ee4899

SHA-256:
e2998b76eb14a0123c1c02e451896bc00f8322d817dc463a4637712c98911fff

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/16/2024 12:17:39 AM UTC  (today)

File size:
634.8 KB (650,048 bytes)

Product version:
4, 0, 0, 1

Copyright:
Copyright (c) Canthing, Inc. 2016

Original file name:
hantoolagent.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hantoolagent\hantoolagent.exe

Digital Signature
Signed by:
주식회사 캔싱

Authority:
thawte, Inc.

Valid from:
1/8/2015 9:00:00 AM

Valid to:
4/9/2016 8:59:59 AM

Subject:
CN=주식회사 캔싱, OU=Dev. Team, O=주식회사 캔싱, L=Yongsan-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5B3649FE7DEC352A9EC7048A55DED5F1

File PE Metadata
Compilation timestamp:
5/15/2015 3:17:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:C9HZYkwLezjlwkiveWRkbNJmaZvVS7CIOHAt+PZVKsp2uHGMC:w5QLez+Zz2matVSJAt2PMC

Entry address:
0x380D0

Entry point:
8B, FF, 55, 8B, EC, E8, D6, 9F, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, B0, EA, 47, 00, 68, 90, 92, 43, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 94, 53, 56, 57, A1, F0, 52, 48, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, BC, B1, 46, 00, C7, 45, FC, FE, FF, FF, FF, EB, 26, B8, 01, 00, 00, 00, C3, 8B, 65, E8, C7...
 
[+]

Entropy:
6.2740

Code size:
421.5 KB (431,616 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HantoolAgent

Command:
C:\Program Files\hantoolagent\hantoolagent.exe


Scan hantoolagent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.