» wtmkm.exe
Overview
Analysis
File Details
Behaviors (1)

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacrokeyManager’.

File name:

wtmkm.exe

Publisher:

WALTOP International Corporation (signed and verified)

Product:

Macro Key Manager Application

Description:

Macro Key Manager MFC Application

Version:

1, 0, 0, 7

MD5:

9eae1ad026db1ba982d01cb838a2bc42

SHA-1:

867665027757923e8ce197168182aaf650e11060

SHA-256:

1d6b774041911a9205f4b3818cf2635e92fa2d6389a57202950867fbf05e7b2e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 10:34:52 PM UTC (today)

File size:

3 MB (3,161,760 bytes)

Product version:

1, 0, 0, 1

Original file name:

Macro Key Manager.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\wtmkm.exe

Digital Signature

Signed by:

WALTOP International Corporation

Authority:

VeriSign, Inc.

Valid from:

6/19/2008 2:00:00 AM

Valid to:

7/17/2009 1:59:59 AM

Subject:

CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

389BC1BF24765992D68F165ED15963BB

File PE Metadata

Compilation timestamp:

4/24/2009 7:08:43 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

12288:8Vzr0fhddzUverADYBu919sqsBTJc06+M/R:8VzxsBTJcj+O

Entry address:

0x13FDC

Entry point:

6A, 74, 68, 30, 92, 41, 00, E8, F4, 01, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, F8, 60, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 04, 66, 41, 00, 59, 83, 0D, 24, C9, 41, 00, FF, 83... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

84 KB (86,016 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MacrokeyManager

Command:

wtmkm.exe

Scan wtmkm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.