» hndclient.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

hndclient.exe

HandyCafe Client

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘hndclient’. This file is installed with the program handyCafe Client.

File name:

hndclient.exe

Publisher:

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti (signed and verified)

Product:

HandyCafe Client

Version:

3.3.1.6

MD5:

b97a6718402a5428b8f6277ca58e39db

SHA-1:

a03ffdc17e19a709b543ad4d09034210969a6da0

SHA-256:

d8529242f594789bc379229cd5c0dfed381d91d93ab206b54d38e04a34984b2b

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/23/2024 9:07:24 AM UTC (today)

Scan engine

Detection

Engine version

Norman

Malware

11.20150529

File size:

2 MB (2,099,544 bytes)

Product version:

3.3.16

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

Trademarks:

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

Original file name:

hndclient.exe

File type:

Executable application (Win32 EXE)

Language:

Turc (Turquie)

Common path:

C:\Program Files\handycafe\client\hndclient.exe

Digital Signature

Signed by:

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

Authority:

VeriSign, Inc.

Valid from:

5/4/2009 2:00:00 AM

Valid to:

5/5/2010 1:59:59 AM

Subject:

CN="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", L=Istanbul, S=Istanbul, C=TR

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

716F910B0E1E48997DB119F203A7C144

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:XS/YlSeafM5qQO0sLg7OEhMgEvXqcZR4VyCHbq8T5815EJ5:XS/JMUNUFuggqcZR4EYtT58rEJ5

Entry address:

0x173EDC

Entry point:

55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, B8, AC, 36, 57, 00, E8, 06, 34, E9, FF, 8B, 1D, 3C, 34, 58, 00, 33, C0, 55, 68, B0, 40, 57, 00, 64, FF, 30, 64, 89, 20, 68, C0, 40, 57, 00, 6A, 00, 68, 01, 00, 1F, 00, E8, 5D, 3A, E9, FF, A3, 0C, 9F, 58, 00, 83, 3D, 0C, 9F, 58, 00, 00, 76, 10, A1, 0C, 9F, 58, 00, 50, E8, 7C, 36, E9, FF, E9, 5C, 01, 00, 00, 6A, 00, 68, D0, 40, 57, 00, E8, D3, 3F, E9, FF, 85, C0, 0F, 87, 48, 01, 00, 00, 68, C0, 40, 57, 00, 6A, 00, 6A, 00, E8, 95, 36, E9, FF, A3... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

1.4 MB (1,520,128 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

hndclient

Command:

C:\Program Files\handycafe\client\hndclient.exe

The file hndclient.exe has been discovered within the following program.

handyCafe Client by Ates Software

This is the ad-supported client for connecting to a handyCafe enabled platform.

www.handycafe.com

About 1% of users remove it

Scan hndclient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.