home

HDWMASRV.exe

海盗湾服务程序

GuangxiNanningshi Shengtaian E-Commerce Development Co.,LTD.

It runs as a separate (within the context of its own process) windows Service named “HDWMASRV”.
Publisher:
Sta  (signed by GuangxiNanningshi Shengtaian E-Commerce Development Co.,LTD.)

Product:
海盗湾服务程序

Version:
1.14.4.25

MD5:
ed9fef79f6fe9602d0de52e4bd555d6b

SHA-1:
0e44fb990a4f085e78b603049b94f61ee02b32fd

SHA-256:
e56e4fc39a7721c6af1b11fe4f1721d2b49f670976b226b98fa95ab868f3f9b6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:57:39 AM UTC  (today)

File size:
31 KB (31,704 bytes)

Product version:
1.14.4.25

Copyright:
Copyright (C) 2014

Original file name:
HDWMASRV.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\hdwapp\hdwmasrv.exe

Digital Signature
Signed by:
GuangxiNanningshi Shengtaian E-Commerce Development Co.,LTD.

Authority:
Thawte, Inc.

Valid from:
4/24/2014 9:00:00 AM

Valid to:
4/25/2015 8:59:59 AM

Subject:
CN="GuangxiNanningshi Shengtaian E-Commerce Development Co.,LTD.", O="GuangxiNanningshi Shengtaian E-Commerce Development Co.,LTD.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
57A07F5F478EC9930DB77FC749A93A8F

File PE Metadata
Compilation timestamp:
4/25/2014 11:58:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
384:QtjtBvU2Grlgcl/jn/guH+Z8ZZRcCNel5HxO/GQZilm9Budj:QjBvUjVNjnolsjreHROuQZOm9cj

Entry address:
0x2D5E

Entry point:
E8, 56, 06, 00, 00, E9, 63, FD, FF, FF, FF, 25, E8, 40, 40, 00, FF, 25, EC, 40, 40, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, B4, 6C, 40, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, B4, 6C, 40, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF, 7C, 24, 10, DF, 6C, 24, 10, 8B, 54, 24, 18, 8B, 44, 24, 10, 85, C0, 74, 3C, DE, E9, 85, D2, 79...
 
[+]

Entropy:
5.1938

Code size:
10 KB (10,240 bytes)

Service
Display name:
HDWMASRV

Type:
Win32OwnProcess


Scan HDWMASRV.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.