wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the name ‘MacroKeyManager’.
Scan wtmkm.exe - Powered by Reason Core Security
Publisher:
WALTOP International Corporation  (signed and verified)

Product:
Macro Key Manager Application

Description:
Macro Key Manager MFC Application

Version:
1, 0, 0, 8

MD5:
5d74541595113fefc62ec26481d4dbf5

SHA-1:
48c54b933e692e18456d1761cebb34af3fdf0e4d

SHA-256:
0a7c3b01f507ceb36c426a191f356efeb569b2965d30e480e2c93f7e28edbfd1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/9/2016 4:29:28 PM UTC  (today)

File size:
5.8 MB (6,104,296 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Macro Key Manager.EXE

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\wtmkm.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/19/2009 2:00:00 AM

Valid to:
7/17/2010 1:59:59 AM

Subject:
CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0BC4E5340CF9CD16938F237A5382B62A

File PE Metadata
Compilation timestamp:
9/25/2009 4:54:30 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:HcTy39iEuLSxjBBBJ2OA+iSc2DkukdB2Yj9s:8Tl5LSG+ib2D2s

Entry address:
0x543B0

Entry point:
48, 83, EC, 28, E8, 97, A7, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 8D, 05, B9, AB, 00, 00, 48, 8D, 0D, 42, BA, 00, 00, 48, 89, 05, 43, 0D, 04, 00, 48, 8D, 05, 44, AB, 00, 00, 48, 89, 0D, 2D, 0D, 04, 00, 48, 89, 05, 36, 0D, 04, 00, 48, 8D, 05, 7F, AB, 00, 00, 48, 89, 0D, 40, 0D, 04, 00, 48, 89, 05, 29, 0D, 04, 00, 48, 8D, 05, AA, AA, 00, 00, 48, 89, 05, 23, 0D, 04, 00, 48, 8D, 05, 5C, B9, 00, 00, 48, 89, 05, 25, 0D, 04, 00, 48, 8D, 05, AE, AA...
 

Entropy:
4.4604

Code size:
431 KB (441,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MacroKeyManager

Command:
wtmkm.exe

