» Station.exe
Overview
Analysis
File Details
Behaviors (1)

Station.exe

Universal Message Updater

OPTiM Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘UMU Station’.

File name:

Station.exe

Publisher:

OPTiM Corporation (signed and verified)

Product:

Universal Message Updater

Description:

UMU Station

Version:

1, 1, 8, 0

MD5:

634c1ce80b31b698f04c709d3e229967

SHA-1:

72feb11df90b84f2efd04cbac3fc6232c2b5083c

SHA-256:

ab68a08bab13dc48e59c3ce0a541c3402a59add67cf20d9bd97f58a9118e36e3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 10:25:25 AM UTC (today)

File size:

810.1 KB (829,536 bytes)

Product version:

1, 1, 8, 0

Original file name:

Station.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\umu\station.exe

Digital Signature

Signed by:

OPTiM Corporation

Authority:

Thawte, Inc.

Valid from:

7/28/2010 9:00:00 AM

Valid to:

9/15/2012 8:59:59 AM

Subject:

CN=OPTiM Corporation, OU=SECURE APPLICATION DEVELOPMENT, O=OPTiM Corporation, L=Saga-City, S=Saga, C=JP

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2B95040DA5766E7F3B4105C92B39711A

File PE Metadata

Compilation timestamp:

12/2/2010 4:39:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:2rKuH9vC2wlSoGnbe5Awm0gsGEe1Tc5Eo2b0yELN:SH9TwsoGnbrwmkcT64E5

Entry address:

0x240610

Entry point:

60, BE, 00, 20, 58, 00, 8D, BE, 00, F0, E7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.9210

Packer / compiler:

UPX 2.90LZMA

Code size:

764 KB (782,336 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

UMU Station

Command:

"C:\Program Files\umu\station.exe" \startup

Scan Station.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.