MemReport.EXE

イメージファイルブート 監視プログラム

Ark Information Systems inc.

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key under HKLM) with the name ‘MemReport.exe’.

Publisher:
株式会社 アーク情報システム  (signed by Ark Information Systems inc.)

Product:
イメージファイルブート 監視プログラム

Description:
イメージファイルブート 監視プログラム Version 1.0.2.1 for Vista

Version:
1, 0, 2, 1

MD5:
c5957c7c0fcf126e3f869eb95ab35d0f

SHA-1:
035b9b5c5808829effb76dfb2785f31bad8b5b67

SHA-256:
1090fe036412d9158dbfc7281cab8085df4886fd9b5b4c32ffd7a1f72d866f1f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 1:21:47 PM UTC

File size:
575.4 KB (589,216 bytes)

Product version:
1, 0, 2, 1

Copyright:
Copyright (C) 2004-2010 株式会社 アーク情報システム

Trademarks:
HD革命(R)

Original file name:
MemReport.EXE

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\memreport.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/13/2009 9:00:00 AM

Valid to:
7/14/2010 8:59:59 AM

Subject:
CN=Ark Information Systems inc., OU=KH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ark Information Systems inc., L=Chiyoda-Ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B8048A9DB4A06CCCA826B492D8C55AB

File PE Metadata
Compilation timestamp:
2/1/2010 4:54:25 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:0kiex13nuH1wEMQIPciKFZaqKjpWsHbGEXi3aWZO2o5WsdrMoWJjQoMgGPypzXMj:Xx13uVwEM7P9KF9CpWg/7WqMNFyP9

Entry address:
0x2F690

Entry point:
48, 83, EC, 28, E8, C7, 56, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, 47, 47, 02, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 52, 57, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, 6D, 5A, FD, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, CC, CC, CC, CC, 4C, 8D, 41, 11, 48, 83, C2, 11, 4C, 2B, C2, 66, 90, 66, 66, 90, 0F, B6, 0A, 42, 0F, B6, 04, 02, 2B, C8, 75, 08, 48, 83, C2, 01...

Entropy:
6.1058

Code size:
293 KB (300,032 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MemReport.exe

Command:
C:\Windows\System32\memreport.exe

