home

SciPms.exe

SCI PMS Module

Finger.Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SciPms’.
Publisher:
(주)핑거  (signed by Finger.Inc)

Product:
SCI PMS Module

Description:
SCI PMS

Version:
1.0.1.8

MD5:
1064ea3f6f36a3bc7ac9005eed045e25

SHA-1:
d30767a05407495ca3db10d7622b4a0538818609

SHA-256:
99f7bc9ce70bf818786b59302048d3c5881134d6f9109b6d6a30239cd9a3303b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 12:02:06 AM UTC  (today)

File size:
3.9 MB (4,058,528 bytes)

Product version:
1.0.1.8

Copyright:
Copyright (C) 2014 finger.inc. All rights reserved.

Original file name:
SciPms.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\sci\scipms.exe

Digital Signature
Signed by:
Finger.Inc

Authority:
Thawte, Inc.

Valid from:
7/8/2013 9:00:00 AM

Valid to:
9/7/2015 8:59:59 AM

Subject:
CN=Finger.Inc, O=Finger.Inc, L=Yeongdeungpo-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F18DEFC96BE37F04BC448E595D6E2A5

File PE Metadata
Compilation timestamp:
2/5/2014 6:24:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:zWqec4FuDdlrQmBIEgt8WuBS1dWXD7typm2K8SB1VtR1gK7QaAZ/wP9ofPtPSSSj:Knc44D5I53WXD7typm2G3h0aAZglmGmC

Entry address:
0x4694A

Entry point:
E8, E5, 81, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, 5D, 82, 00, 00, 83, C4, 14, C3, 8B, 4C, 24, 04, 53, 33, DB, 3B, CB, 56, 57, 74, 08, 8B, 7C, 24, 14, 3B, FB, 77, 1B, E8, 25, 09, 00, 00, 6A, 16, 5E, 89, 30, 53, 53, 53, 53, 53, E8, 66, 1B, 00, 00, 83, C4, 14, 8B, C6, EB, 31, 8B, 74, 24, 18, 3B, F3, 75, 04, 88, 19, EB, D9, 8B, D1, 8A, 06, 88, 02, 42, 46, 3A, C3, 74, 03, 4F, 75, F3, 3B, FB, 75, 10, 88, 19, E8, E9, 08, 00, 00, 6A, 22, 59, 89, 08...
 
[+]

Entropy:
3.8398

Code size:
372 KB (380,928 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SciPms

Command:
C:\users\{user}\appdata\sci\scipms.exe


Scan SciPms.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.