home

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacroKeyManager’.
Publisher:
WALTOP International Corporation  (signed and verified)

Product:
Macro Key Manager Application

Description:
Macro Key Manager MFC Application

Version:
1, 0, 0, 6

MD5:
8cb76dcadc67d5de22668a2251dc2d5a

SHA-1:
a87e0a5decbb663e88f6ef09d0e4bf3eb973b5b6

SHA-256:
4b6f4362eef96cb8611c78443393c6f89d1b6d90ef9de2293cf3b70e343df022

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 4:21:54 AM UTC  (today)

File size:
3.1 MB (3,206,304 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Macro Key Manager.EXE

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\wtmkm.exe

Digital Signature
Signed by:
WALTOP International Corporation

Authority:
VeriSign, Inc.

Valid from:
6/19/2008 9:00:00 AM

Valid to:
7/17/2009 8:59:59 AM

Subject:
CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
389BC1BF24765992D68F165ED15963BB

File PE Metadata
Compilation timestamp:
2/25/2009 8:20:22 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:jn6eE7Bl2qsBTJc06+M/PhddzUverADYBu919B:jCDbsBTJcj+R

Entry address:
0x1A3D0

Entry point:
48, 83, EC, 28, E8, 77, 03, 00, 00, 48, 83, C4, 28, E9, BE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 9D, EE, 00, 00, FF, 15, 27, 0D, 00, 00, 48, 8B, 05, 88, EF, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FD, 03, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24...
 
[+]

Entropy:
4.1518

Code size:
103.5 KB (105,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MacroKeyManager

Command:
wtmkm.exe


Scan wtmkm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.