home

ch.exe

Copy Handler 1.40rc3

Open Source Developer, Józef Starosczyk

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Copy Handler’.
Publisher:
Open Source Developer, Józef Starosczyk  (signed and verified)

Product:
Copy Handler 1.40rc3

Version:
1.40rc3

MD5:
199abb2cd8346e2941787e0f3a3b3e9d

SHA-1:
16f84dd049cd40fab35b83c0fe24c55049a35b95

SHA-256:
eca6e8779a7e7bdc5e5fb2d1127a0469f80fbc0e194cdc34701c289b99eb066f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 12:15:06 AM UTC  (today)

File size:
1.1 MB (1,194,616 bytes)

Product version:
1.40rc3

Copyright:
Copyright (C) 2001-2016 Józef Starosczyk

Original file name:
Copy Handler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\copy handler\ch.exe

Digital Signature
Signed by:
Open Source Developer, Józef Starosczyk

Authority:
Unizeto Technologies S.A.

Valid from:
1/11/2016 1:02:14 AM

Valid to:
1/10/2017 1:02:14 AM

Subject:
E=ixen@copyhandler.com, CN="Open Source Developer, Józef Starosczyk", O=Open Source Developer, C=PL

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
6A8CA74C28DB4978F2ACE8BC61A3BDEA

File PE Metadata
Compilation timestamp:
3/20/2016 11:40:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:9ojpQy5FCmOqFSgpy/ni3pPyPAwuV0PDcu/:9X3qFn30yIou/

Entry address:
0x8905C

Entry point:
E8, F3, 0A, 00, 00, E9, 03, FE, FF, FF, FF, 25, 2C, 74, 4C, 00, FF, 25, 98, 75, 4C, 00, FF, 25, 94, 75, 4C, 00, 3B, 0D, 5C, C1, 4F, 00, 75, 02, F3, C3, E9, B0, 00, 00, 00, CC, FF, 25, 90, 75, 4C, 00, FF, 25, 8C, 75, 4C, 00, FF, 25, 88, 75, 4C, 00, FF, 25, 84, 75, 4C, 00, C7, 01, 60, 4B, 4D, 00, 8B, C1, C2, 04, 00, 8B, C1, C2, 04, 00, 55, 8B, EC, F6, 45, 08, 02, 56, 8B, F1, 74, 25, 57, 68, 94, 9C, 48, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, F3, 06, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, 95, EE, FF, FF, 59...
 
[+]

Entropy:
6.3444

Code size:
790 KB (808,960 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Copy Handler

Command:
C:\Program Files\copy handler\ch.exe


Scan ch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.