» PKIMonitor.exe
Overview
Analysis
File Details
Behaviors (1)

PKIMonitor.exe

eToken PKI client

Aladdin Knowledge Systems LTD

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘eTMonitor’.

File name:

PKIMonitor.exe

Publisher:

Aladdin Knowledge Systems, Ltd. (signed by Aladdin Knowledge Systems LTD )

Product:

eToken PKI client

Description:

PKIMonitor Application

Version:

5.1.57.0

MD5:

441df0ceeb86bd22c748da1d83dea7f5

SHA-1:

acd03a612f24a77e436cfd325fb68ee4d91158d2

SHA-256:

737a3409824d9129fa104cdf2d1cca78615ec3b162c96681f95f2cd99c312d86

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 3:30:37 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Sality.AG

7.11.30.172

File size:

225.3 KB (230,752 bytes)

Product version:

5.1.57.0

Original file name:

PKIMonitor.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\aladdin\etoken\pkiclient\x32\pkimonitor.exe

Digital Signature

Signed by:

Aladdin Knowledge Systems LTD

Authority:

VeriSign, Inc.

Valid from:

8/25/2008 5:30:00 AM

Valid to:

8/26/2010 5:29:59 AM

Subject:

CN="Aladdin Knowledge Systems LTD ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aladdin Knowledge Systems LTD ", L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6BEA1E66D2B4A57E74CE91893FACE0D8

File PE Metadata

Compilation timestamp:

11/15/2009 4:09:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:DA5gtFzYF+5xYrwcvzN74UaF6S7gI8hbD3j7KWrfEJ9OVIcNOBvkM:AgIU52XvzN74Ua9wnj7KWrfEbOTNOBf

Entry address:

0x13EBC

Entry point:

E8, 49, 04, 00, 00, E9, D9, FC, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 60, D8, 42, 00, 89, 0D, 5C, D8, 42, 00, 89, 15, 58, D8, 42, 00, 89, 1D, 54, D8, 42, 00, 89, 35, 50, D8, 42, 00, 89, 3D, 4C, D8, 42, 00, 66, 8C, 15, 78, D8, 42, 00, 66, 8C, 0D, 6C, D8, 42, 00, 66, 8C, 1D, 48, D8, 42, 00, 66, 8C, 05, 44, D8, 42, 00, 66, 8C, 25, 40, D8, 42, 00, 66, 8C, 2D, 3C, D8, 42, 00, 9C, 8F, 05, 70, D8, 42, 00, 8B, 45, 00, A3, 64, D8, 42, 00, 8B, 45, 04, A3, 68, D8, 42, 00, 8D, 45, 08, A3, 74, D8, 42, 00, 8B... 
[+]

Entropy:

5.3889

Code size:

108 KB (110,592 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

eTMonitor

Command:

"C:\Program Files\aladdin\etoken\pkiclient\x32\pkimonitor.exe"

Scan PKIMonitor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.