» HKCMD.EXE
Overview
Analysis
File Details
Behaviors (1)

HKCMD.EXE

Intel Common User Interface

Intel Corporation

The hkcmd Module is part of Intel's Common User Interface for chipsets with integrated graphics controllers and provides hotkey support. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HotKeysCmds’.

File name:

HKCMD.EXE

Publisher:

Intel Corporation (signed and verified)

Product:

Intel(R) Common User Interface

Description:

hkcmd Module

Version:

7.14.10.1329

MD5:

94d5e6c9f006500c906f4e5e0c644fec

SHA-1:

06e8e53609ac7627337f7a7ca17167e735315934

SHA-256:

48a8947b45fe5938549bd74e53b7989bb86a7a477137877e556eaa278c4bbd48

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:49:29 PM UTC (today)

File size:

150.5 KB (154,136 bytes)

Product version:

7.14.10.1329

Original file name:

HKCMD.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\hkcmd.exe

Digital Signature

Signed by:

Intel Corporation

Authority:

VeriSign, Inc.

Valid from:

4/13/2006 9:00:00 AM

Valid to:

4/23/2008 8:59:59 AM

Subject:

CN=Intel Corporation, OU=ISWQL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Intel Corporation, L=Folsom, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5E419FC3EE1859A6BD80C35CC4705AC2

File PE Metadata

Compilation timestamp:

9/14/2007 7:10:59 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:IojyQaG9QKrwQqCzOScLzdpQfaaN4282iiJJmmkTqECeAetg4J/iCoYlwfLqtnHO:IojypsrQlpQfxmlqQ/oQwfLqtneg4

Entry address:

0xC97D

Entry point:

E8, 36, 5A, 00, 00, E9, 16, FE, FF, FF, 6A, 0C, 68, 20, D9, 41, 00, E8, 75, F3, FF, FF, 6A, 0E, E8, 96, 39, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 68, 2E, 42, 00, BA, 64, 2E, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 5D, F0, FF, FF, 59, FF, 76, 04, E8, 54, F0, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 64, F3, FF, FF, C3, 8B, D0, EB, C5, 6A, 0E, E8, 63, 38, 00, 00, 59, C3, 8B, 44, 24, 04, A3, 6C... 
[+]

Entropy:

6.3431

Code size:

100 KB (102,400 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HotKeysCmds

Command:

C:\Windows\System32\hkcmd.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.