home

attendcommunicator.exe

Lenvica Computer Solutions Pvt Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Attend Communicator’.
Publisher:
Lenvica Computer Solutions Pvt Ltd  (signed and verified)

MD5:
0a9c145696f54c662c56a21d215f13db

SHA-1:
55de22b9ef432d785d824969e41abc5e9f790b4e

SHA-256:
132b55f161ed2596293900d5c44f3940794e65224ec488c52ea72ebfd42ea954

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 2:33:07 AM UTC  (today)

File size:
2 MB (2,133,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\attend hrm\bin\attendcommunicator.exe

Digital Signature
Signed by:
Lenvica Computer Solutions Pvt Ltd

Authority:
COMODO CA Limited

Valid from:
1/15/2014 2:00:00 AM

Valid to:
1/15/2017 1:59:59 AM

Subject:
CN=Lenvica Computer Solutions Pvt Ltd, O=Lenvica Computer Solutions Pvt Ltd, STREET="#10, Novel Business Center", STREET=BTM 1st Stage, L=Bangalore, S=Karnataka, PostalCode=560068, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D082AA9AF6C30354CC52B532AFEA908E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:iopV9rfq5UorYAHt428PWd2N/R24TSPALTOYAay4QJPoW5QOeSI21yL4G7vYRYUt:JFMcC18PJiALTYJI21yFvpRhJDDWQxVm

Entry address:
0x1B9998

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 70, 8F, 5B, 00, E8, 5F, DB, E4, FF, 33, C0, 55, 68, 84, 9A, 5B, 00, 64, FF, 30, 64, 89, 20, 8B, 0D, A0, 50, 5C, 00, 8B, 09, 8D, 45, EC, BA, 98, 9A, 5B, 00, E8, EC, B4, E4, FF, 8B, 45, EC, E8, 90, B6, E4, FF, 50, 6A, FF, 6A, 00, E8, 4E, DD, E4, FF, A3, A0, AB, 5C, 00, 33, C0, 55, 68, 67, 9A, 5B, 00, 64, FF, 30, 64, 89, 20, 83, 3D, A0, AB, 5C, 00, 00, 74, 47, E8, 7D, DE, E4, FF, 3D, B7, 00, 00, 00, 74, 3B, A1, 3C, 59, 5C, 00, 8B, 00, E8, 3E, F0, EA, FF, A1, 3C...
 
[+]

Entropy:
6.6639

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,805,312 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Attend Communicator

Command:
C:\Program Files\attend hrm\bin\attendcommunicator.exe


Scan attendcommunicator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.