home

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacrokeyManager’.
Publisher:
WALTOP International Corporation  (signed and verified)

Product:
Macro Key Manager Application

Description:
Macro Key Manager MFC Application

Version:
1, 0, 0, 8

MD5:
c83bd0c25ef305f973ae4f9ba08b57e7

SHA-1:
15abc61e4e99a71e630b95d2eef9261becf38758

SHA-256:
34885cab40be5ed59c8ba84b823e6e13529d8a83e368453d60a28569d72276b2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 7:21:06 AM UTC  (today)

File size:
5.3 MB (5,553,824 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Macro Key Manager.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\wtmkm.exe

Digital Signature
Signed by:
WALTOP International Corporation

Authority:
VeriSign, Inc.

Valid from:
6/18/2008 7:00:00 PM

Valid to:
7/16/2009 6:59:59 PM

Subject:
CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
389BC1BF24765992D68F165ED15963BB

File PE Metadata
Compilation timestamp:
6/22/2009 9:45:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:aetB1iaZWqjBBBJ2Ot6+M/n8HSkIG4Nw2Vp7QBEk9ki9m02DOQ5Kd8edEeEKWW98:aetB1i2jBBBJ2OA+HSc2D7ukdB2Yjj

Entry address:
0x14A0C

Entry point:
6A, 74, 68, 60, A2, 41, 00, E8, F4, 01, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, F8, 70, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 04, 76, 41, 00, 59, 83, 0D, 24, E9, 41, 00, FF, 83...
 
[+]

Entropy:
4.0414

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
88 KB (90,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MacrokeyManager

Command:
wtmkm.exe


Scan wtmkm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.