home

vrmonnt.exe

vrmonnt

Hauri, Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Vrmon’.
Publisher:
HAURI  (signed by Hauri, Inc)

Product:
vrmonnt

Version:
2009, 12, 15, 1

MD5:
c888998dafdbe4b3bcb0299930cc55df

SHA-1:
b681545304a5450148b8292d7f04ac039639d77f

SHA-256:
8a3f16a0175520475c455b5f68148798163795407252234460ba56b63d40e955

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 4:31:24 AM UTC  (today)

File size:
411.1 KB (420,976 bytes)

Product version:
2004, 11, 4, 1

Copyright:
Copyright (C) HAURI Inc.

Original file name:
vrmonnt

File type:
Executable application (Win64 EXE)

Language:
Korean

Common path:
C:\Program Files\hauri\common\base\vrmonnt.exe

Digital Signature
Signed by:
Hauri, Inc

Authority:
VeriSign, Inc.

Valid from:
6/11/2009 7:00:00 PM

Valid to:
6/12/2010 6:59:59 PM

Subject:
CN="Hauri, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Hauri, Inc", L=Jongno-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0AE19403B4A6D6F9F816BFAA465E44EA

File PE Metadata
Compilation timestamp:
12/14/2009 11:05:43 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:jdOOtncBHIbYrolmwB6xebR+nLL6XwWqQ:jdPnYHjr0mk6xebq6X4Q

Entry address:
0x25D80

Entry point:
48, 83, EC, 28, E8, 17, 99, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 48, 89, 7C, 24, 20, 41, 54, 48, 83, EC, 50, 40, 32, F6, 4D, 85, C0, 44, 8B, E2, 40, 88, 74, 24, 48, 48, 8B, D9, 75, 6A, E8, 6E, 43, 00, 00, 48, 8B, F8, 4C, 8B, 80, C0, 00, 00, 00, 48, 8B, A8, B8, 00, 00, 00, 4C, 3B, 05, 26, EA, 02, 00, 74, 13, 8B, 90, C8, 00, 00, 00, 85, 15, A0, E8, 02, 00, 75, 05, E8, F1, 3D, 00, 00, 48...
 
[+]

Entropy:
6.1691

Code size:
250 KB (256,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Vrmon

Command:
C:\Program Files\hauri\common\base\vrmonnt.exe


Scan vrmonnt.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.