» xecurehsm_monitor.exe
Overview
Analysis
File Details
Behaviors (1)

xecurehsm_monitor.exe

SoftForum Co. LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘xhsm’.

File name:

Publisher:

SoftForum Co. LTD. (signed and verified)

MD5:

aa24dd900ff44694466040a9c8207364

SHA-1:

e8e3114b0e7072c21114ad200cf248a49d11b05d

SHA-256:

f7ef056741cab3081b20e5a0ebb27fb6cc52cb075ad13f9127aece627ba2e09e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 6:34:16 AM UTC (today)

File size:

696.4 KB (713,120 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\softforum\xecurehsm\xecurehsm_monitor.exe

Digital Signature

Signed by:

SoftForum Co. LTD.

Authority:

VeriSign, Inc.

Valid from:

4/28/2011 9:00:00 AM

Valid to:

7/28/2012 8:59:59 AM

Subject:

CN=SoftForum Co. LTD., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SoftForum Co. LTD., L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

08036E8FB718D7BB447FA058A222BD04

File PE Metadata

Compilation timestamp:

12/29/2011 6:19:23 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:VUtfzSpepkTZ3f/N6jzVA7RA9+XV9nRTGfAZiPaB8aTKYGkpk:Gt2vd6jzVA7ZXboAIPaoYGh

Entry address:

0x3D340

Entry point:

48, 83, EC, 28, E8, 67, A8, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 48, 89, 7C, 24, 20, 41, 54, 48, 83, EC, 50, 40, 32, F6, 4D, 85, C0, 44, 8B, E2, 40, 88, 74, 24, 48, 48, 8B, D9, 75, 6A, E8, BE, 33, 00, 00, 48, 8B, F8, 4C, 8B, 80, C0, 00, 00, 00, 48, 8B, A8, B8, 00, 00, 00, 4C, 3B, 05, E6, CB, 03, 00, 74, 13, 8B, 90, C8, 00, 00, 00, 85, 15, 60, CA, 03, 00, 75, 05, E8, F1, 90, 00, 00, 48... 
[+]

Entropy:

6.5625

Code size:

338 KB (346,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

xhsm

Command:

C:\Program Files\softforum\xecurehsm\xecurehsm_monitor.exe

Scan xecurehsm_monitor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.