home

itcurusr.exe

LIGHT STAR INFORMATION CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SmartIT Client’.
Publisher:
Light Star Information  (signed by LIGHT STAR INFORMATION CO., LTD.)

Description:
SmartIT Client Current User

Version:
7

MD5:
e929175c41e285f023b68ce60bc6d1db

SHA-1:
8b2aa1092e01f2c91812864bdb75d1e73666738a

SHA-256:
2a3ad7b2581e72b8daf8e342c9dd78bb552bf937e0f786191aa22d37e64ef14a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 3:18:36 AM UTC  (today)

File size:
975.6 KB (999,064 bytes)

Copyright:
Copyright (c) Light Star Information 2011

Original file name:
lsass.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
LIGHT STAR INFORMATION CO., LTD.

Authority:
VeriSign, Inc.

Valid from:
1/4/2010 8:00:00 AM

Valid to:
1/7/2013 7:59:59 AM

Subject:
CN="LIGHT STAR INFORMATION CO., LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LIGHT STAR INFORMATION CO., LTD.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
616E97135B6E781B39D64B78AB3E8938

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:kA0aiBWV93eL5bzWmQQ/rBSBe2q41thNYl/sXwTU+ZkEs:kA0i9O9bJtSBbf1tXYlEgTPZkEs

Entry address:
0xCE8B0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 20, E2, 4C, 00, E8, E0, 8A, F3, FF, A1, 24, 70, 4D, 00, 8B, 00, E8, CC, E6, F8, FF, 8B, 0D, AC, 6E, 4D, 00, A1, 24, 70, 4D, 00, 8B, 00, 8B, 15, 90, BC, 4C, 00, E8, CC, E6, F8, FF, A1, 24, 70, 4D, 00, 8B, 00, E8, 40, E7, F8, FF, E8, F3, 61, F3, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6517

Developed / compiled with:
Microsoft Visual C++

Code size:
822.5 KB (842,240 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SmartIT Client

Command:
C:\smartit\itcurusr.exe


Scan itcurusr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.