home

joinmeuiexec.exe

Dandong KEHUA Economic and Trade Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘JoinMEUIExec’.
Publisher:
Dandong KEHUA Economic and Trade Co.,Ltd  (signed and verified)

MD5:
c97474c7b0cac67231ef60fee7dc1da3

SHA-1:
2cd1487ec7349c533d4e02e199e96282ef3918b1

SHA-256:
70f566d5c06a78d54b109d0681dd447acff78502d4ba5fb7911f1536cfaf8a13

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 4:12:23 AM UTC  (today)

File size:
135.4 KB (138,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pc suite\join me\joinmeuiexec.exe

Digital Signature
Signed by:
Dandong KEHUA Economic and Trade Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
11/18/2011 8:00:00 AM

Valid to:
2/17/2013 7:59:59 AM

Subject:
CN="Dandong KEHUA Economic and Trade Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Dandong KEHUA Economic and Trade Co.,Ltd", L=Dandong, S=Liaoning, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AB8E55527F22CAF39D236C9802B47D3

File PE Metadata
Compilation timestamp:
5/17/2012 2:38:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:dRIcLUzek/9zuj81K7RtW22oxtRnPHsKP6oMXg6Rf5NX2FpRY:dTLUz08M3bxtRwpXF5NX2Fp

Entry address:
0x1FF3

Entry point:
E8, 64, 22, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, EA, 22, 00, 00, 3B, 0D, 4C, 31, 41, 00, 75, 02, F3, C3, E9, 69, 23, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 82, 28, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, CC, 02, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, AF, 24, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 1E, 24, 00, 00, 83...
 
[+]

Entropy:
5.9023

Code size:
55 KB (56,320 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
JoinMEUIExec

Command:
"C:\Program Files\pc suite\join me\joinmeuiexec.exe"


Scan joinmeuiexec.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.