padvishui.exe

Padvish

Amnpardaz Software Company

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Padvish EPS Interface Daemon’.
Publisher:
Amnpardaz Software Company  (signed and verified)

Product:
Padvish

Description:
Padvish User Interface

Version:
2, 1, 142, 2162

MD5:
21e043d6a74e878b00bed142fb023a6d

SHA-1:
5bd2c3d65f6b9a25cce84f1ee0cfca8963d59bd4

SHA-256:
5b84caf08a67f18a92a6b03c574e0173b90fffc0891adeed9738fb3e2e2a0399

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 10:11:57 PM UTC

File size:
5.8 MB (6,127,040 bytes)

Product version:
2, 1, 142, 2162

Copyright:
Copyright (C) 2016 - Amnpardaz Software Co.

Original file name:
APGUI.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
Amnpardaz Software Company

Valid from:
5/10/2015 11:25:44 PM

Valid to:
12/31/2039 3:59:59 PM

Subject:
CN=Amnpardaz Software Company

Issuer:
CN=Amnpardaz Software Company

Serial number:
C3335F83AE6F4E9A4680534D191E9134

File PE Metadata
Compilation timestamp:
8/3/2016 8:31:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:EdAJo6rg6OnKSLdH31wpi/nsnl/qAasq0al8SKuvwTWplK8:ELFJdHepmUlPaL0alxKuZlj

Entry address:
0x25EAAE

Entry point:
E8, 15, 0D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 6B, 95, 00, E8, DC, 0A, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, F0, 42, 6C, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, 24, FD, 98, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, 28, FD, 98, 00, 75, 0A, 6A, 1F, E8, 5D, 0B, 00, 00, 59, EB, 3B, 83, 3D, 28, FD, 98, 00, 00, 75, 2C, 89, 35, 28, FD, 98, 00, 68, 28, 67, 6C, 00, 68, 14, 67, 6C, 00, E8...

Entropy:
7.0954

Code size:
2.8 MB (2,894,848 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Padvish EPS Interface Daemon

Command:
"C:\padviishh\padvish eps\padvishui.exe" --hidden

