home

ch64.exe

Copy Handler

Open Source Developer, Józef Starosczyk

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Copy Handler’.
Publisher:
Open Source Developer, Józef Starosczyk  (signed and verified)

Product:
Copy Handler

Version:
1.45beta1

MD5:
5e232cec1234c728c1ddb921089b0351

SHA-1:
898cd27a1c9d51fd8d26533dee9d2d67522a026d

SHA-256:
848f6e24185b3f585618d79775e61d75a540264d3de07243c16f42a0af7093c4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 1:37:26 AM UTC  (today)

File size:
1.8 MB (1,854,144 bytes)

Product version:
1.45beta1

Copyright:
Copyright (C) 2001-2016 Józef Starosczyk

Original file name:
ch.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\copy handler\ch64.exe

Digital Signature
Signed by:
Open Source Developer, Józef Starosczyk

Authority:
Unizeto Technologies S.A.

Valid from:
1/10/2017 12:00:00 AM

Valid to:
1/10/2018 12:00:00 AM

Subject:
E=ixen@copyhandler.com, CN="Open Source Developer, Józef Starosczyk", O=Open Source Developer, C=PL

Issuer:
CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
57CB5AB60C230996057C501A1014D4F0

File PE Metadata
Compilation timestamp:
1/17/2017 9:31:11 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xDABB0

Entry point:
48, 83, EC, 28, E8, 07, 0A, 00, 00, 48, 83, C4, 28, E9, A6, FD, FF, FF, FF, 25, 68, E0, 04, 00, 40, 53, 48, 83, EC, 20, 48, 83, 3D, F2, 06, 0C, 00, 00, 75, 36, BA, 08, 00, 00, 00, 8D, 4A, 18, FF, 15, 52, DF, 04, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, 06, D7, 04, 00, 48, 89, 05, CF, 06, 0C, 00, 48, 89, 05, C0, 06, 0C, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, A0, 06, 0C, 00, FF, 15, AA, D6, 04, 00, 48, 89...
 
[+]

Entropy:
5.8242

Code size:
1.2 MB (1,207,808 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Copy Handler

Command:
C:\Program Files\copy handler\ch64.exe


Scan ch64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.