home

KMEKeyBD.EXE

KMEKeyBD Application

Dritek System Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Office Keyboard’.
Publisher:
Dritek System Inc.  (signed and verified)

Product:
KMEKeyBD Application

Description:
KMEKeyBD MFC Application

Version:
1, 3, 0528, 6

MD5:
44d1b438556a13c6f63b4645d6d3c209

SHA-1:
4143be40de795f6be57912541604c3d0f9e52dab

SHA-256:
31554826824d73035dd02e2c300dba13e0d1ccacdbc8fe69e493159344d7c25a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:13:25 AM UTC  (today)

File size:
4.8 MB (5,057,032 bytes)

Product version:
1, 3, 0528, 6

Copyright:
Copyright (C) 2007 Dritek System Inc.

Original file name:
KMEKeyBD.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\office keyboard\kmekeybd.exe

Digital Signature
Signed by:
Dritek System Inc.

Authority:
VeriSign, Inc.

Valid from:
10/17/2006 3:00:00 AM

Valid to:
10/17/2009 2:59:59 AM

Subject:
CN=Dritek System Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dritek System Inc., L=Taipei City, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F174E5260B0E8B1343C090603D5A29C

File PE Metadata
Compilation timestamp:
8/13/2007 10:07:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:2LDDE9Zb2I66uzRA9s3gE9Zb2I66uzRA9s3UE9Zb2I66uzRA9s3NE9Zb2I66uzRU:h66uzG9266uzG9e66uzG9t66uzG95

Entry address:
0xBDCC

Entry point:
55, 8B, EC, 6A, FF, 68, 20, E2, 40, 00, 68, 3C, C1, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 38, D3, 40, 00, 59, 83, 0D, FC, E0, 41, 00, FF, 83, 0D, 00, E1, 41, 00, FF, FF, 15, 3C, D3, 40, 00, 8B, 0D, F0, E0, 41, 00, 89, 08, FF, 15, 50, D3, 40, 00, 8B, 0D, EC, E0, 41, 00, 89, 08, A1, 54, D3, 40, 00, 8B, 00, A3, F8, E0, 41, 00, E8, FE, 02, 00, 00, 39, 1D, A0, AC, 41, 00, 75, 0C, 68, 38, C1, 40, 00, FF, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Office Keyboard

Command:
C:\Program Files2\office~1\kmekeybd.exe task


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.