viettelcacertmon.exe

Viettel-CA Token Moniter

MINH THONG CARD SOLUTIONS CO LTD

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ViettelCACertMon’.

Publisher:
Viettel-CA  (signed by MINH THONG CARD SOLUTIONS CO LTD)

Product:
Viettel-CA Token Moniter

Version:
2.1.0.3

MD5:
27c5ceca9d662aee9197e9518b685e62

SHA-1:
be594b4c299aab56bed780f87bd642cf30ff2a86

SHA-256:
00847ac8ed098b180c3edc39037a637b3103644543378cc200c5a5067cc0f1f9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 2:00:57 PM UTC

File size:
1.3 MB (1,343,376 bytes)

Product version:
2.1.0.0

Copyright:
Copyright (C) 2013 Viettel Group

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\viettel-ca\viettel-ca token manager v2.0\viettelcacertmon.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/15/2013 7:00:00 AM

Valid to:
7/16/2014 6:59:59 AM

Subject:
CN=MINH THONG CARD SOLUTIONS CO LTD, OU=IT Department, O=MINH THONG CARD SOLUTIONS CO LTD, L=Ho Chi Minh, S=Ho Chi Minh, C=VN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7DECEFF77C9750C576FBEF8CEFC6D96F

File PE Metadata
Compilation timestamp:
12/17/2013 2:16:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:zEzoPgfSswG/5Gyzgf48uk0ZEDTG0o0ZQUeyMGCTpjArV:DP8TQyzS4MHoKQUVMDTO

Entry address:
0x100BF0

Entry point:
55, 8B, EC, B9, 09, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 5C, F5, 4F, 00, E8, 1C, 76, F0, FF, 8B, 35, 50, 83, 50, 00, 33, C0, 55, 68, 21, 0E, 50, 00, 64, FF, 30, 64, 89, 20, 8B, 06, E8, 0D, 37, FA, FF, 8D, 45, E8, E8, 05, F7, FE, FF, 8B, 55, E8, 8D, 45, EC, E8, 3A, 52, F0, FF, 8D, 45, EC, 50, 8D, 55, E4, A1, A4, 80, 50, 00, E8, ED, 73, F0, FF, 8B, 55, E4, 58, E8, 58, 53, F0, FF, 8B, 45, EC, E8, 30, 0C, FF, FF, 8B, D8, 8D, 55, DC, 8B, 06, E8, 28, 40, FA, FF, 8B, 45, DC, 8D, 55, E0, E8, C5...
 
Entropy:
6.4642

Developed / compiled with:
Microsoft Visual C++

Code size:
1022.5 KB (1,047,040 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ViettelCACertMon

Command:
"C:\Program Files\viettel-ca\viettel-ca token manager v2.0\viettelcacertmon.exe"

