home

plusi messenger_cn.exe

PLUSi Messenger

Saerom Information Systems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PLUSi Messenger_CN’.
Publisher:
LGCARE  (signed by Saerom Information Systems, Inc.)

Product:
PLUSi Messenger

Version:
2, 1, 4, 32

MD5:
ccb5434b5b94bc4037f052b04709458a

SHA-1:
5b4fb5d3a775b4bd1210f411d8781609cf08e5b9

SHA-256:
80579e9e2f6061d0270bb411bdf97b65172b4d619231027f93f90d037f0b2251

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 11:49:11 AM UTC  (today)

File size:
1.6 MB (1,709,360 bytes)

Product version:
2, 1, 4, 32

Copyright:
Copyright ⓒ LG Care

Original file name:
PLUSi Messenger.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\lgcare\plusi messenger_cn\plusi messenger_cn.exe

Digital Signature
Signed by:
Saerom Information Systems, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/4/2010 8:00:00 AM

Valid to:
4/3/2012 7:59:59 AM

Subject:
CN="Saerom Information Systems, Inc.", OU=R&D Center, O="Saerom Information Systems, Inc.", L=Geumcheon-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1154186EFA573006C9D8338AF3EFFB17

File PE Metadata
Compilation timestamp:
3/16/2010 10:33:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:pdt/PIghzGTWhAZYvBXIHyp79tbSk/Eb0IHlgg4CqvLixWrHN+:pdt/PIghzGCxYS1bSkMdRqvexq+

Entry address:
0x118D24

Entry point:
55, 8B, EC, 6A, FF, 68, C0, 3E, 55, 00, 68, 12, 8F, 51, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 54, 8D, 54, 00, 59, 83, 0D, E0, 90, 5A, 00, FF, 83, 0D, E4, 90, 5A, 00, FF, FF, 15, 50, 8D, 54, 00, 8B, 0D, C4, 8B, 5A, 00, 89, 08, FF, 15, 4C, 8D, 54, 00, 8B, 0D, C0, 8B, 5A, 00, 89, 08, A1, 48, 8D, 54, 00, 8B, 00, A3, DC, 90, 5A, 00, E8, 58, ED, F2, FF, 39, 1D, 50, D5, 59, 00, 75, 0C, 68, 3C, 8F, 51, 00, FF, 15, 44, 8D...
 
[+]

Entropy:
6.2971

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
1.3 MB (1,339,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PLUSi Messenger_CN

Command:
C:\Program Files\lgcare\plusi messenger_cn\plusi messenger_cn.exe


Scan plusi messenger_cn.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.