home

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacrokeyManager’.
Publisher:
WALTOP International Corporation  (signed and verified)

Product:
Macro Key Manager Application

Description:
Macro Key Manager MFC Application

Version:
1, 0, 0, 8

MD5:
9675c1009d6f546229602c4b351c99cb

SHA-1:
7ab2a29f529471eca35f62a73573b079db98db6f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:45:31 PM UTC  (today)

File size:
6 MB (6,254,312 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Macro Key Manager.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\wtmkm.exe

Digital Signature
Signed by:
WALTOP International Corporation

Authority:
VeriSign, Inc.

Valid from:
6/19/2009 9:00:00 AM

Valid to:
7/17/2010 8:59:59 AM

Subject:
CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0BC4E5340CF9CD16938F237A5382B62A

File PE Metadata
Compilation timestamp:
2/9/2010 6:46:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:wPWRP6fxQ0jBBBJ2OA+iSc2DkukdB2YjJ4:wPWRP6pQf+ib2D+4

Entry address:
0x36EF0

Entry point:
E8, 13, 90, 00, 00, E9, 16, FE, FF, FF, B8, 29, 0A, 44, 00, A3, 70, 34, 46, 00, C7, 05, 74, 34, 46, 00, 25, 01, 44, 00, C7, 05, 78, 34, 46, 00, E3, 00, 44, 00, C7, 05, 7C, 34, 46, 00, 17, 01, 44, 00, C7, 05, 80, 34, 46, 00, 8D, 00, 44, 00, A3, 84, 34, 46, 00, C7, 05, 88, 34, 46, 00, A3, 09, 44, 00, C7, 05, 8C, 34, 46, 00, A3, 00, 44, 00, C7, 05, 90, 34, 46, 00, 0D, 00, 44, 00, C7, 05, 94, 34, 46, 00, 9C, FF, 43, 00, C3, E8, 9B, FF, FF, FF, E8, 4B, 9B, 00, 00, 83, 7C, 24, 04, 00, A3, 1C, 62, 46, 00, 74, 05...
 
[+]

Entropy:
4.4823

Code size:
308 KB (315,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MacrokeyManager

Command:
wtmkm.exe


Scan wtmkm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.