» wtmkm.exe
Overview
Analysis
File Details
Behaviors (1)

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacroKeyManager’.

File name:

wtmkm.exe

Publisher:

WALTOP International Corporation (signed and verified)

Product:

Macro Key Manager Application

Description:

Macro Key Manager MFC Application

Version:

1, 0, 0, 8

MD5:

dd37a4d6483c4847552166cd739d1821

SHA-1:

272aad8173d02bb06ea7cf91621263ede6cd1800

SHA-256:

3b05b2ba8958c835435f9131481ac41bc087bd59f93884b80c39f9211a8a7c67

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 8:31:34 PM UTC (today)

File size:

5.8 MB (6,103,784 bytes)

Product version:

1, 0, 0, 1

Original file name:

Macro Key Manager.EXE

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\wtmkm.exe

Digital Signature

Signed by:

WALTOP International Corporation

Authority:

VeriSign, Inc.

Valid from:

6/18/2009 8:00:00 PM

Valid to:

7/16/2010 7:59:59 PM

Subject:

CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0BC4E5340CF9CD16938F237A5382B62A

File PE Metadata

Compilation timestamp:

11/4/2009 1:34:07 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:OcTy39iEuLSbjBBBJ2OA+iSc2DkukdB2Yje7:/Tl5LS4+ib2D17

Entry address:

0x543B0

Entry point:

48, 83, EC, 28, E8, 97, A7, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 8D, 05, B9, AB, 00, 00, 48, 8D, 0D, 42, BA, 00, 00, 48, 89, 05, 43, 0D, 04, 00, 48, 8D, 05, 44, AB, 00, 00, 48, 89, 0D, 2D, 0D, 04, 00, 48, 89, 05, 36, 0D, 04, 00, 48, 8D, 05, 7F, AB, 00, 00, 48, 89, 0D, 40, 0D, 04, 00, 48, 89, 05, 29, 0D, 04, 00, 48, 8D, 05, AA, AA, 00, 00, 48, 89, 05, 23, 0D, 04, 00, 48, 8D, 05, 5C, B9, 00, 00, 48, 89, 05, 25, 0D, 04, 00, 48, 8D, 05, AE, AA... 
[+]

Entropy:

4.4603

Code size:

431 KB (441,344 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MacroKeyManager

Command:

wtmkm.exe

Scan wtmkm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.