home

IrDeskHlp.exe

ITAM-RC

Doctorsoft Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IrDeskHlp’.
Publisher:
drsoft  (signed by Doctorsoft Co., Ltd.)

Product:
ITAM-RC

Description:
IrDeskHlp

Version:
1, 0, 0, 2

MD5:
4d77aecc126a92d592a45ffe56e8c1bb

SHA-1:
e7d682b83c3bcd1722e3a3944449be1b157df47d

SHA-256:
636bf8806427c0c392f9f140952df3a5f43a723ef59e6d6ca51f3ca7288585e3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/4/2024 4:33:38 AM UTC  (today)

File size:
53.5 KB (54,800 bytes)

Product version:
1, 0, 1, 2

Copyright:
Copyright (c) 2006 by Doctorsoft

Original file name:
IrDeskHlp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\itam-rc\itam-rc client\irdeskhlp.exe

Digital Signature
Signed by:
Doctorsoft Co., Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/20/2006 8:55:09 PM

Valid to:
12/16/2008 5:15:32 PM

Subject:
CN="Doctorsoft Co., Ltd.", OU=Marketing Team, O="Doctorsoft Co., Ltd.", L=Gurogu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1CC8D429EE8390A27830BC57C2182C3B

File PE Metadata
Compilation timestamp:
6/22/2007 4:59:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x300F

Entry point:
55, 8B, EC, 6A, FF, 68, 80, 81, 40, 00, 68, 28, 44, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 2C, 80, 40, 00, 33, D2, 8A, D4, 89, 15, 74, A6, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 70, A6, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 6C, A6, 40, 00, C1, E8, 10, A3, 68, A6, 40, 00, 6A, 01, E8, 93, 14, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, ED, 0B, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
5.5872

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IrDeskHlp

Command:
C:\Program Files\itam-rc\itam-rc client\irdeskhlp.exe


Scan IrDeskHlp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.