hndclient.exe

HandyCafe Client

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

It is registered under the name ‘hndclient’ and set to execute automatically when any user logs into Windows (through the local user run registry setting).

Product:
HandyCafe Client

Version:
3.4.1.4

MD5:
f001a3c45ab2f7a72ea480d01d0ba21e

SHA-1:
cb9c49728912eb5affea375fc0fc1a0121923106

SHA-256:
5f047ee7900395bf5a06867dadd4680005649206243016bdfe5759476a89d221

Scanner detections:
17 / 68

Status:
Clean  (17 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/26/2024 4:05:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11478435 | 357 |
| Bitdefender | Trojan.Generic.11478435 | 1.0.20.220 |
| Dr.Web | Trojan.DownLoader9.62261 | 9.0.1.044 |
| Emsisoft Anti-Malware | Trojan.Generic.11478435 | 8.16.02.13.12 |
| F-Secure | Trojan.Generic.11478435 | 11.2016-13-02_7 |
| G Data | Trojan.Generic.11478435 | 16.2.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.9.0 |
| Kaspersky | Trojan.Win32.Vilsel | 14.0.0.670 |
| McAfee | Artemis!909A4AE26C4A | 5600.6491 |
| MicroWorld eScan | Trojan.Generic.11478435 | 17.0.0.132 |
| NANO AntiVirus | Trojan.Win32.MLW.dgrfhf | 1.0.10.5081 |
| Norman | Malware | 11.20160213 |
| nProtect | Trojan.Generic.11478435 | 15.04.02.01 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OHC14 | 7.2.44 |
| Trend Micro | TROJ_GEN.R0CBC0OHC14 | 10.465.13 |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 38990 |

File size:
2.9 MB (3,008,888 bytes)

Product version:
3.4.14

Copyright:
Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

Trademarks:
Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

Original file name:
hndclient.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\handycafe\client\hndclient.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/17/2013 8:00:00 AM

Valid to:
11/18/2015 7:59:59 AM

Subject:
CN="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", L=Istanbul, S=TR, C=TR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6E54E478C4B86CD0A3A473682202D107

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:5qQP7UjePQSVQKubB6mQuTNTI98eTAHTBNGkJx1+x8xcRJx1+x8xcVp:5ZP7U23gHTB9JL+xrRJL+xrVp

Entry address:
0x18C82C

Entry point:
55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, B8, 84, BF, 58, 00, E8, 46, AC, E7, FF, 8B, 1D, B0, 03, 5A, 00, 33, C0, 55, 68, 00, CA, 58, 00, 64, FF, 30, 64, 89, 20, 68, 10, CA, 58, 00, 6A, 00, 68, 01, 00, 1F, 00, E8, D5, B2, E7, FF, A3, B0, 88, 5A, 00, 83, 3D, B0, 88, 5A, 00, 00, 76, 10, A1, B0, 88, 5A, 00, 50, E8, D4, AE, E7, FF, E9, 5C, 01, 00, 00, 6A, 00, 68, 20, CA, 58, 00, E8, 8B, B8, E7, FF, 85, C0, 0F, 87, 48, 01, 00, 00, 68, 10, CA, 58, 00, 6A, 00, 6A, 00, E8, FD, AE, E7, FF, A3...
 
Entropy:
6.9910

Developed / compiled with:
Microsoft Visual C++

Code size:
1.5 MB (1,620,992 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
hndclient

Command:
C:\Program Files\handycafe\client\hndclient.exe

