» marriottsprtcmdlaunch.exe
Overview
Analysis
File Details
Behaviors (1)

marriottsprtcmdlaunch.exe

HDXPlus SprtCmd Launcher

Marriott International

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘hdxplus’.

File name:

Publisher:

Marriott International (signed and verified)

Product:

HDXPlus SprtCmd Launcher

Version:

1.0.0.0

MD5:

ae33b1ff66819c3d8f323c5ee392431c

SHA-1:

9664207ad6a054e1f1382edbd1b5725e3ec356a9

SHA-256:

4fba52eeb8b968c05e910e66e497a3088efef2d0fa5f85fb5746869e1911764d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/6/2024 7:09:56 PM UTC (today)

File size:

37.5 KB (38,376 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\hdxplus\bin\marriottsprtcmdlaunch.exe

Digital Signature

Signed by:

Marriott International

Authority:

VeriSign, Inc.

Valid from:

1/4/2010 8:00:00 PM

Valid to:

1/4/2013 7:59:59 PM

Subject:

CN=Marriott International, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Marriott International, L=Gaithersburg, S=Maryland, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2BD63309A8546004A255AACE2C609BDA

File PE Metadata

Compilation timestamp:

12/5/2009 6:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:dHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJuM8YlGabCtP:dpgpHzb9dZVX9fHMvG0D3XJuM1CtP

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

6.4299

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

hdxplus

Command:

"C:\Program Files\hdxplus\bin\marriottsprtcmdlaunch.exe"

Scan marriottsprtcmdlaunch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.