» remotesound.exe
Overview
Analysis
File Details
Behaviors (1)

remotesound.exe

SCIENPIX, INC.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RemoteSound’.

File name:

remotesound.exe

Publisher:

SCIENPIX, INC. (signed and verified)

MD5:

93527258ab7b1b3d0842d474ac59579e

SHA-1:

2a8038ee2b757a0f9c4cbc1f6065d493ab8baba1

SHA-256:

4af205eec52bded1a93a99cde49b7e917b919dab0ff8410eaa7a364ac98b94b3

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 10:02:16 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

PUA.Win32.Packer.MasmTasm

0.98/18155

File size:

219.3 KB (224,512 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\remotesound\remotesound.exe

Digital Signature

Signed by:

SCIENPIX, INC.

Authority:

VeriSign, Inc.

Subject:

CN="SCIENPIX, INC.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SCIENPIX, INC.", L=Gwangjin-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5A90453A721B2FD5724D7184E49952DB

File PE Metadata

Compilation timestamp:

12/13/2011 1:49:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:m4Bx2DJuUawtoKxH+AB66Xqu8KIAXn4v9OZLy86DmLYOZXk:m4X2Dvxxwc

Entry address:

0x17E86

Entry point:

E8, 4D, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, F6, 42, 00, 89, 0D, E4, F6, 42, 00, 89, 15, E0, F6, 42, 00, 89, 1D, DC, F6, 42, 00, 89, 35, D8, F6, 42, 00, 89, 3D, D4, F6, 42, 00, 66, 8C, 15, 00, F7, 42, 00, 66, 8C, 0D, F4, F6, 42, 00, 66, 8C, 1D, D0, F6, 42, 00, 66, 8C, 05, CC, F6, 42, 00, 66, 8C, 25, C8, F6, 42, 00, 66, 8C, 2D, C4, F6, 42, 00, 9C, 8F, 05, F8, F6, 42, 00, 8B, 45, 00, A3, EC, F6, 42, 00, 8B, 45, 04, A3, F0, F6, 42, 00, 8D, 45, 08, A3, FC, F6, 42... 
[+]

Code size:

102.5 KB (104,960 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RemoteSound

Command:

C:\Program Files\remotesound\remotesound.exe -hide

Scan remotesound.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.