home

UserScanEngine.exe

AdminITy

NTT COMWARE CORPORATION

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘UserScanEngine’.
Publisher:
NTT COMWARE CORPORATION  (signed and verified)

Product:
AdminITy

Description:
UserScanEngine

Version:
5.2.2.5

MD5:
bf2854d11f8f331006f4ef185250e64e

SHA-1:
082c9d8a524ef5b154102eb212185672459c8f93

SHA-256:
3da5965502fa0bb056d6e815086ba655fe63f050513f914d27eeec9de21806de

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/28/2024 4:24:43 PM UTC  (today)

File size:
297.9 KB (305,016 bytes)

Product version:
5.2.2.5

Copyright:
Copyright(C) CORE CORPORATION 1999,2012/Copyright(C) NTT COMWARE 2004,2012

Trademarks:
AdminITy

Original file name:
UserScanEngine.exe

File type:
Executable application (Win64 EXE)

Digital Signature
Signed by:
NTT COMWARE CORPORATION

Authority:
GlobalSign nv-sa

Valid from:
5/16/2011 5:19:01 PM

Valid to:
5/16/2014 5:18:57 PM

Subject:
E=helpdesk@fsc24.com, CN=NTT COMWARE CORPORATION, OU=Service Coordination Division, O=NTT COMWARE CORPORATION, L=Shinagawa-ku, S=Tokyo, C=JP

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012FF80EE3F7

File PE Metadata
Compilation timestamp:
1/16/2013 11:30:19 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:pzkeSFdnoK3VOaMmUX2At6D0z1PEVLHHvYuRMiq+:pLkNUX2CaVbA+zq

Entry address:
0x49DDA

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.1868

Code size:
288 KB (294,912 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UserScanEngine

Command:
C:\scanv5\userscanengine.exe


Scan UserScanEngine.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.