home

memopal.exe

Memopal Srl

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Memopal’.
Publisher:
Memopal Srl  (signed and verified)

MD5:
4cb3389ef16cb00f6d610a60c0bab574

SHA-1:
1431eb1113166accc1406d870bdfdeb92fa3352b

SHA-256:
9acd0b6c3434466db28c514bad934a74150695f16c2dc70e9d189605b8a66235

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:23:57 AM UTC  (today)

File size:
1.8 MB (1,836,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\memopal\memopal.exe

Digital Signature
Signed by:
Memopal Srl

Authority:
GoDaddy.com, Inc.

Valid from:
12/20/2012 4:08:25 PM

Valid to:
12/20/2014 4:08:25 PM

Subject:
CN=Memopal Srl, O=Memopal Srl, L=Roma, S=RM, C=IT

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04692F6DBD5A67

File PE Metadata
Compilation timestamp:
8/4/2014 4:30:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:H7KdvhtwXhdW3HTfpwerp/oX9gF5koCPAvJ8:b2hmxQHTx7lagF5A

Entry address:
0x50C30

Entry point:
E8, 03, 04, 00, 00, E9, 37, FD, FF, FF, FF, 25, F0, 13, 51, 00, FF, 25, F8, 13, 51, 00, FF, 25, FC, 13, 51, 00, FF, 25, 0C, 14, 51, 00, FF, 25, 10, 14, 51, 00, FF, 25, 14, 14, 51, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 10, 43, 57, 00, 89, 0D, 0C, 43, 57, 00, 89, 15, 08, 43, 57, 00, 89, 1D, 04, 43, 57, 00, 89, 35, 00, 43, 57, 00, 89, 3D, FC, 42, 57, 00, 66, 8C, 15, 28, 43, 57, 00, 66, 8C, 0D, 1C, 43, 57, 00, 66, 8C, 1D, F8, 42, 57, 00, 66, 8C, 05, F4, 42, 57, 00, 66, 8C, 25, F0, 42, 57, 00, 66...
 
[+]

Code size:
1.1 MB (1,111,040 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Memopal

Command:
"C:\Program Files\memopal\memopal.exe" \delayed


Scan memopal.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.