PATRIOT VIPER MOUSE.EXE

PATRIOT VIPER MOUSE

Areson Technology

It is set to execute automatically when any user logs into Windows, through the all-users Run registry setting (HKLM), under the name ‘PATRIOT VIPER MOUSE’.
Publisher:
PATRIOT (signed by Areson Technology)

Product:
PATRIOT VIPER MOUSE

Version:
1.0.0.1

MD5:
47fc27390e0e96716edc125a477b2414

SHA-1:
4d302eb9486739d7d21e0f99d4c8b769a33e70a7

SHA-256:
bf4ed896874b17572814401d99db47a7569f6c7f6b6a326adbfaa8ab98b3bfe0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 7:08:43 AM UTC

File size:
6.5 MB (6,766,072 bytes)

Product version:
1.0.0.1

Original file name:
PATRIOT VIPER MOUSE.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\Program Files\patriot viper mouse\patriot viper mouse.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/4/2012 5:00:00 PM

Valid to:
9/5/2015 4:59:59 PM

Subject:
CN=Areson Technology, OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Areson Technology, L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11C80B1F9027483C59F1799F3A57FC6D

File PE Metadata
Compilation timestamp:
7/27/2015 7:29:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:XF/2ydt4IXfi6+IqzyBCBq2FLOyomFHKnP5:1VtDf7+IqzyQBJFM

Entry address:
0x79961

Entry point:
E8, 61, 5A, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, C0, 36, 4B, 00, 75, 02, F3, C3, E9, CC, 17, 00, 00, 56, 6A, 04, 6A, 20, E8, C5, 5F, 00, 00, 59, 59, 8B, F0, 56, FF, 15, FC, 51, 49, 00, A3, B0, 28, 4F, 00, A3, AC, 28, 4F, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 18, F7, 4A, 00, E8, 8B, 1A, 00, 00, 83, 65, E4, 00, E8, FA, 46, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, A2, 1A...
Entropy:
7.6818

Code size:
592 KB (606,208 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PATRIOT VIPER MOUSE

Command:
"C:\Program Files\patriot viper mouse\patriot viper mouse.exe" \hide
