home

OnekeyStudio.exe

Lenovo Onekey Theater Application

Lenovo (Beijing) Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OnekeyStudio’.
Publisher:
Lenovo  (signed by Lenovo (Beijing) Limited)

Product:
Lenovo Onekey Theater Application

Version:
2, 0, 1, 4

MD5:
527b89a06e62ef2f6c8a7bbf89f10797

SHA-1:
6e8e690ba6ba56020f17ea2b300e02f40789ad31

SHA-256:
f28c339a6600229b8e71a0c70d9b39ef44676c0b2aa41a7aa8cde2ffe5e84693

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 6:32:07 PM UTC  (today)

File size:
758.4 KB (776,608 bytes)

Product version:
2.0

Copyright:
Lenovo (Beijing) Limited. All rights reserved.

Original file name:
OnekeyStudio.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lenovo\onekey theater\onekeystudio.exe

Digital Signature
Signed by:
Lenovo (Beijing) Limited

Authority:
VeriSign, Inc.

Valid from:
12/8/2009 2:00:00 AM

Valid to:
1/8/2012 1:59:59 AM

Subject:
CN=Lenovo (Beijing) Limited, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lenovo (Beijing) Limited, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2EDBA85021EE00C973B5C5398B2E1155

File PE Metadata
Compilation timestamp:
12/18/2009 8:01:33 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x26CF0

Entry point:
48, 83, EC, 28, E8, D7, 59, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 66, 90, 66, 66, 66, 90, 66, 90, 48, 3B, 0D, F9, 43, 03, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 51, 5A, 00, 00, CC, 48, 89, 5C, 24, 10, 56, 48, 83, EC, 60, 4D, 85, C9, 4D, 8B, D1, 49, 8B, F0, 48, 8B, DA, 4C, 8B, D9, 75, 2F, E8, 70, 24, 00, 00, 45, 33, C9, 45, 33, C0, C7, 00, 16, 00, 00, 00, 33, C0, 33, D2...
 
[+]

Entropy:
6.8758

Code size:
266.5 KB (272,896 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OnekeyStudio

Command:
C:\Program Files\lenovo\onekey theater\onekeystudio.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.