home

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacrokeyManager’.
Publisher:
WALTOP International Corporation  (signed and verified)

Product:
Macro Key Manager Application

Description:
Macro Key Manager MFC Application

Version:
1, 0, 0, 8

MD5:
df8a2f6e9cdd6534f70e92b25d0c0fe8

SHA-1:
cd0e6e0626da95865ebf1c17305c756b30b86af0

SHA-256:
7c34799d70f64679c8097447b4f078b28848c11e3f96e715ce8b139a88762df9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/11/2024 2:23:27 AM UTC  (today)

File size:
5.3 MB (5,582,496 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Macro Key Manager.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\wtmkm.exe

Digital Signature
Signed by:
WALTOP International Corporation

Authority:
VeriSign, Inc.

Valid from:
6/19/2008 5:30:00 AM

Valid to:
7/17/2009 5:29:59 AM

Subject:
CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
389BC1BF24765992D68F165ED15963BB

File PE Metadata
Compilation timestamp:
7/6/2009 4:02:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:I7KhHsqjBBBJ2Ot6+M/n8HSkIG4Nw2Vp7QBEk9ki9m02DOQ5Kd8edEeEKWW9xpyI:I7GjBBBJ2OA+HSc2D7ukdB2Yjw

Entry address:
0x14C3C

Entry point:
6A, 74, 68, 70, A2, 41, 00, E8, F4, 01, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, F8, 70, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 04, 76, 41, 00, 59, 83, 0D, 24, E9, 41, 00, FF, 83...
 
[+]

Entropy:
4.0601

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
88 KB (90,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MacrokeyManager

Command:
wtmkm.exe


Scan wtmkm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.