srmenu.exe

Win8 StartMenu

Admobile Limited

It is configured to start automatically when a user logs into Windows, through an entry with the display name ‘srmenu’ in the current user Run registry key.

Publisher:
wentutu.com  (signed by Admobile Limited)

Product:
Win8 StartMenu

Version:
1.0.0.5

MD5:
a5f33e810a0115560680b08ded0635f2

SHA-1:
723bc0a3f8f3592cb4a2d004e0641c7c7e45e3ad

SHA-256:
7b789afa52485d28ef14bc156c94d85c0dbe36e8a1f27e9f18faacd264f8ef36

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 7:05:46 AM UTC  (today)

File size:
1.3 MB (1,314,368 bytes)

Product version:
1.0.0.5

Copyright:
Copyright: (C) caixuan

Original file name:
antuMenu.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\super rabbit\sr\srmenu.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/24/2012 8:00:00 AM

Valid to:
10/25/2013 7:59:59 AM

Subject:
CN=Admobile Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Admobile Limited, L=Kowloon, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30C670F94322B188ECBE7A59C7171B49

File PE Metadata
Compilation timestamp:
10/19/2012 1:36:03 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:3NRg6roc5a2iWvGFgjzKc3wRqRoJHiI1H91Y5P/zvGgr6kNFX:3fg6cc5aUGc3wRqRoJHiI1H91Y5P/zv9

Entry address:
0x49B08

Entry point:
48, 83, EC, 28, E8, 4B, 63, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, B1, 32, 04, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, C1, 63, 00, 00, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, E7, 64, 02, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, EE, 64, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, 69, 36, FD, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F...

Entropy:
6.3077

Code size:
402.5 KB (412,160 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
srmenu

Command:
C:\Program Files\wentutu\startmenu\srmenu.exe

