» smartool.exe
Overview
Analysis
File Details
Behaviors (1)

smartool.exe

smartool

Legendsoft China (Beijing) Technology Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘smartray’.

File name:

smartool.exe

Publisher:

Beijing Tiandiyt Technology Limited (signed by Legendsoft China (Beijing) Technology Limited)

Product:

smartool

Description:

smartool application

Version:

0, 0, 0, 54

MD5:

903887d8c6c034d4c075f32a5adb0b6e

SHA-1:

66fc45fa683ab07907f2f2d0373d01287497e066

SHA-256:

adf50d3fe044a7b6576bc3f5e29757fc6d3ae30d3dd4d3e8cd1fe2af069eeca0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 9:06:31 AM UTC (today)

File size:

243.5 KB (249,392 bytes)

Product version:

0, 0, 0, 2

Original file name:

smartool.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\smartool\smartool.exe

Digital Signature

Signed by:

Legendsoft China (Beijing) Technology Limited

Authority:

VeriSign, Inc.

Valid from:

9/25/2013 8:00:00 AM

Valid to:

9/26/2014 7:59:59 AM

Subject:

CN=Legendsoft China (Beijing) Technology Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Legendsoft China (Beijing) Technology Limited, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2AE510F67F419D78BD0C061A7C5C8220

File PE Metadata

Compilation timestamp:

3/25/2014 9:52:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

3072:DnoHm73N1rqcWZHj7yoammXd+DxJ5Q3Mkd1K1jPzGHy06f7I1l7pH:DnLN1rcqoaXsDxJC3Mk/K5PzGHMfS1

Entry address:

0x20CCE

Entry point:

6A, 60, 68, C0, F1, 42, 00, E8, 76, 03, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 6A, F4, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 10, C2, 42, 00, 8B, 4E, 10, 89, 0D, 9C, 4B, 43, 00, 8B, 46, 04, A3, A8, 4B, 43, 00, 8B, 56, 08, 89, 15, AC, 4B, 43, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, A0, 4B, 43, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, A0, 4B, 43, 00, C1, E0, 08, 03, C2, A3, A4, 4B, 43, 00, 33, F6, 56, 8B, 3D, 18, C2, 42, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Entropy:

6.4829

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

172 KB (176,128 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

smartray

Command:

"C:\Program Files\smartool\smartool.exe" -tray

Scan smartool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.