home

KaveXTDMonitor.exe

ROCCAT Kave XTD

Roccat GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Cm106Sound’.
Publisher:
CMedia  (signed by Roccat GmbH)

Product:
ROCCAT Kave XTD

Version:
0.1.0.27

MD5:
7a823dffb224461a17a88b81eb3ce43d

SHA-1:
ca001e97c3d50f956cba7946f27f75cc8465923a

SHA-256:
6f3621d018d1dfd43d21dc08e1f736cce81a970abf3dcc788036497d9ee6c295

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 6:15:47 AM UTC  (today)

File size:
2.1 MB (2,200,688 bytes)

Product version:
0.1.0.27

Copyright:
Copyright (C) 2013

Original file name:
KaveXTDMonitor.exe

File type:
Executable application (Win64 EXE)

Language:
Chinese

Common path:
C:\Program Files\roccat\kave xtd headset\kavextdmonitor.exe

Digital Signature
Signed by:
Roccat GmbH

Authority:
VeriSign, Inc.

Valid from:
6/27/2011 2:00:00 AM

Valid to:
6/27/2014 1:59:59 AM

Subject:
CN=Roccat GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Roccat GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
440CF4532541B6243E6F15998E86697D

File PE Metadata
Compilation timestamp:
9/12/2013 11:12:23 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:NY4P747h/xxlBhrIMkvqqnHci3UN7Ve/OI8Ty/ZaRacA0zXJ4X3jE:Nb07hRBhrIvCqjUBVG4Ty/ZaRK0TJoE

Entry address:
0x85D48

Entry point:
48, 83, EC, 28, E8, C7, 66, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 41, BC, 10, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 3D, 67, 00, 00, CC, 48, 89, 0D, 61, 57, 11, 00, C3, 40, 53, 48, 81, EC, E0, 05, 00, 00, 83, 64, 24, 70, 00, 48, 8D, 4C, 24, 74, 33, D2, 41, B8, 94, 00, 00, 00, E8, D8, 0C, 00, 00, 4C, 8D, 5C, 24, 70, 48, 8D, 84, 24, 10, 01, 00, 00, 48, 8D, 8C...
 
[+]

Code size:
1.1 MB (1,193,472 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Cm106Sound

Command:
C:\Program Files\roccat\kave xtd headset\kavextdmonitor.exe \h \d


Scan KaveXTDMonitor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.