home

MTAppDwn.exe

MEDITECHAppDwnld

Medical Information Technology, Inc.

It runs as a separate (within the context of its own process) windows Service named “MEDITECH Application Manager”.
Publisher:
Medical Information Technology, Inc.  (signed and verified)

Product:
MEDITECHAppDwnld

Description:
MEDITECH Application Manager

Version:
1, 0, 0, 52

MD5:
4383ef38d497b3b27d1b7c9059b9563d

SHA-1:
3f03a022a1fa50a527c0ffe9a5d9502dbffcd6b8

SHA-256:
5c2c590cde1cf02eb193e49591dbe2983fea85d1917325857a08c2ce43472049

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/5/2024 12:39:12 PM UTC  (today)

Scan engine
Detection
Engine version

Norman
ZBot.VZA
11.20150721

File size:
131 KB (134,168 bytes)

Product version:
1, 0, 0, 52

Copyright:
Copyright © 2010

Original file name:
MTAppDwn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\meditech\mtappdwn.exe

Digital Signature
Signed by:
Medical Information Technology, Inc.

Authority:
VeriSign, Inc.

Valid from:
9/29/2010 8:00:00 PM

Valid to:
10/2/2011 7:59:59 PM

Subject:
CN="Medical Information Technology, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Medical Information Technology, Inc.", L=Westwood, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57874BA1A1AE052916A7F335AC30D3E5

File PE Metadata
Compilation timestamp:
10/29/2010 11:00:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
1536:4isYuzjjJ7GGvRZfsaPOBh5HIkOcWKQfDVDjZbEqqzsnE3/Bmhq7xNkd3qB3vcvZ:kZ+aPOFokVabUzsnE3/BmhYWdqMr7ubA

Entry address:
0x6FE4

Entry point:
55, 8B, EC, 83, C4, 9C, 56, 57, 53, 55, 53, E8, 94, 29, 01, 00, 5B, A3, DC, 0E, 42, 00, A3, E8, 0E, 42, 00, 53, E8, 01, 2A, 01, 00, 5B, 8B, F0, 53, 68, C8, 95, 42, 00, 56, E8, DB, 13, 00, 00, 5B, E8, 7E, 2B, 00, 00, BE, C8, 95, 42, 00, 0F, B6, 06, 46, 3C, 22, 75, 0A, 0F, B6, 06, 46, 3C, 22, 75, F8, EB, 08, 0F, B6, 06, 46, 3C, 20, 77, F8, 0F, B6, 06, 46, 3C, 20, 74, F8, 4E, 89, 35, 3C, AC, 42, 00, C7, 05, 9C, 91, 42, 00, 00, 00, 00, 00, 83, F8, FF, 74, 19, 0F, B6, 06, 3C, 20, 75, 03, 46, EB, F6, 3C, 2D, 74...
 
[+]

Entropy:
6.3426

Developed / compiled with:
Microsoft Visual C++

Code size:
101 KB (103,424 bytes)

Service
Display name:
MEDITECH Application Manager

Service name:
MTAppManager

Description:
MEDITECH Application Management Service Facilitates running the MEDITECH client software on Microsoft Windows Vista and Microsoft Windows Server 2008 operating systems. If this service is stopped, th

Type:
Win32OwnProcess


Scan MTAppDwn.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.