home

LenovoVolumeOSD.exe

Compal Electronics, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘LenovoVolumeOSD’.
Publisher:
Lenovo  (signed by Compal Electronics, Inc.)

Description:
LenonoVolumeOSD

Version:
1.38.0.1

MD5:
f061108d454b92b2a6833528e467af77

SHA-1:
9235344dead702d8b3948d80ddb6a6609d9d36d2

SHA-256:
e07a11432035b785237d900ad2e1f77d2ee4567673a43878ff0df62179ab2ffd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:05:34 AM UTC  (today)

File size:
2.7 MB (2,873,200 bytes)

Product version:
1.38.0.1

Copyright:
Lenovo

Original file name:
LenovoVolumeOSD.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\lenovovolumeosd\lenovovolumeosd.exe

Digital Signature
Signed by:
Compal Electronics, Inc.

Authority:
VeriSign, Inc.

Valid from:
6/14/2011 8:00:00 AM

Valid to:
6/13/2012 7:59:59 AM

Subject:
CN="Compal Electronics, Inc.", OU=Software Application, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Compal Electronics, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6D3298DF4DB183323BCDDCFF3180B0E6

File PE Metadata
Compilation timestamp:
3/13/2012 6:25:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:p8EzAKd8xwCUkXOOmpa6xi93j5707o98wjfvSdeZEnSN3+2sMDS9kT/AcTcRD6oK:SEsme3VgAb3+W29+AcgRD6v

Entry address:
0xD889E

Entry point:
E9, DD, 4D, 13, 00, E9, 28, 41, 0A, 00, E9, E3, CD, 03, 00, E9, 2E, E7, 19, 00, E9, 19, D9, 12, 00, E9, 34, D1, 0A, 00, E9, 2F, 26, 05, 00, E9, 4A, 68, 04, 00, E9, C5, 58, 02, 00, E9, 30, B4, 1A, 00, E9, 1B, D9, 08, 00, E9, 26, D4, 05, 00, E9, 11, 1A, 03, 00, E9, BC, 5D, 02, 00, E9, F9, AF, 19, 00, E9, E2, 54, 15, 00, E9, ED, A7, 0C, 00, E9, 78, 6F, 0C, 00, E9, F3, EE, 03, 00, E9, 3E, B4, 1A, 00, E9, 59, D2, 17, 00, E9, F4, 01, 0D, 00, E9, EF, 9E, 08, 00, E9, 8A, 8A, 08, 00, E9, 7D, A5, 19, 00, E9, C0, 7A...
 
[+]

Entropy:
5.6849

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
1.8 MB (1,835,008 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LenovoVolumeOSD

Command:
C:\Program Files\lenovovolumeosd\lenovovolumeosd.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.