» TPKeyBoard.exe
Overview
Analysis
File Details
Behaviors (1)

TPKeyBoard.exe

TPKeyBoard

Shanghai CooTek Information Technology Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TouchPalKeyboard’.

File name:

TPKeyBoard.exe

Publisher:

Shanghai CooTek Information Technology Co.,Ltd. (signed and verified)

Product:

TPKeyBoard

Description:

TouchPalKeyBoard

Version:

1.0.0.0

MD5:

16c69c9c445e1c85f92d81a5f48d08c7

SHA-1:

9a82a025283af62997df01f88ec56c335e191b05

SHA-256:

87f1acf58f027f5249b95c4ea1092a0d5c7e684d61afbbd2cdcdc143b1ae7b11

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 4:28:03 AM UTC (today)

File size:

1.1 MB (1,144,392 bytes)

Product version:

1.0.0.0

Original file name:

TPKeyBoard.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\cootek\touchpal\keyboard\tpkeyboard.exe

Digital Signature

Signed by:

Shanghai CooTek Information Technology Co.,Ltd.

Authority:

WoSign eCommerce Services Limited

Valid from:

11/6/2013 11:46:47 PM

Valid to:

11/8/2014 11:04:33 PM

Subject:

E=joe.xie@cootek.cn, CN="Shanghai CooTek Information Technology Co.,Ltd.", O="Shanghai CooTek Information Technology Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

1C2C1FD42B5D05

File PE Metadata

Compilation timestamp:

11/18/2013 11:53:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:ktgZV15m++rww1qdOOzc7fPYsedG+44XN+iYfZ99x4899gvtoz718Fgnk/ykyiAD:WMGM44U3xSokqX6bKpDdGmc2jO9CAFCn

Entry address:

0x1105DE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 90, 00, 00, 80, 10, 00, 00, 00, A8, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 02, 00, 00, 00, D8, 00, 00, 80, 03, 00, 00, 00, F0, 00, 00, 80, 04, 00, 00, 00, 08, 01, 00, 80, 05, 00, 00, 00, 20, 01... 
[+]

Entropy:

6.2999

Code size:

1.1 MB (1,107,456 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TouchPalKeyboard

Command:

C:\Program Files\cootek\touchpal\keyboard\tpkeyboard.exe \fromrun

Scan TPKeyBoard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.