» wtmkm.exe
Overview
Analysis
File Details
Behaviors (1)

wtmkm.exe

Macro Key Manager Application

WALTOP International Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MacroKeyManager’.

File name:

wtmkm.exe

Publisher:

WALTOP International Corporation (signed and verified)

Product:

Macro Key Manager Application

Description:

Macro Key Manager MFC Application

Version:

1, 0, 0, 8

MD5:

b61f3cddeccdb570e8a8c7c7dd9c9b54

SHA-1:

e155e3da665cf269545663596d9e4122475cdd35

SHA-256:

3a9c993af9642c4d9b2f2c484d22654cfaf9e3b2215602e649d1cb819c8ce3d4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 10:16:36 PM UTC (today)

File size:

5.4 MB (5,624,992 bytes)

Product version:

1, 0, 0, 1

Original file name:

Macro Key Manager.EXE

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\wtmkm.exe

Digital Signature

Signed by:

WALTOP International Corporation

Authority:

VeriSign, Inc.

Valid from:

6/19/2008 3:00:00 AM

Valid to:

7/17/2009 2:59:59 AM

Subject:

CN=WALTOP International Corporation, OU=software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WALTOP International Corporation, L=HsinChu, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

389BC1BF24765992D68F165ED15963BB

File PE Metadata

Compilation timestamp:

7/6/2009 1:36:25 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:1k3s08vBrDqjBBBJ2Ot6+M/n8iSkIG4Nw2VpkQBEk9ki9m02DOQ5Kd8edEeEKWWL:1k3s08IjBBBJ2OA+iSc2DkukdB2Yju

Entry address:

0x1B730

Entry point:

48, 83, EC, 28, E8, 77, 03, 00, 00, 48, 83, C4, 28, E9, BE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, DD, EA, 00, 00, FF, 15, F7, 09, 00, 00, 48, 8B, 05, C8, EB, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FD, 03, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24... 
[+]

Entropy:

4.1047

Code size:

108 KB (110,592 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MacroKeyManager

Command:

wtmkm.exe

Scan wtmkm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.