» conemu64.exe
Overview
Analysis
File Details
Behaviors (1)

conemu64.exe

ConEmu

Open Source Developer, ConEmu-Maximus5

It runs as a scheduled task under the Windows Task Scheduler.

File name:

conemu64.exe

Publisher:

ConEmu-Maximus5 (signed by Open Source Developer, ConEmu-Maximus5)

Product:

ConEmu

Description:

Console Emulator (x64)

Version:

160724

MD5:

0b9316f0bfdbbfaa30152f7b3dad9de2

SHA-1:

19d038ccc3b48410392e7cacea3fc73acdaf3c65

SHA-256:

2aa638d0a01791d2f0eed19243ed4d368984d75406beb10919a627d1ea4ffba1

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 2:03:38 AM UTC (today)

File size:

2.3 MB (2,376,416 bytes)

Product version:

160724

Original file name:

ConEmu.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\conemu\conemu64.exe

Digital Signature

Signed by:

Open Source Developer, ConEmu-Maximus5

Authority:

Unizeto Technologies S.A.

Valid from:

5/2/2016 4:31:18 AM

Valid to:

8/5/2016 5:00:00 PM

Subject:

E=ConEmu.Maximus5@gmail.com, CN="Open Source Developer, ConEmu-Maximus5", O=Open Source Developer, C=RU

Issuer:

CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

3E7F6708F415D35803FA526792E35BB4

File PE Metadata

Compilation timestamp:

7/25/2016 1:41:50 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

49152:HxTrH7wPylwfFWOo6MOgsuinblTHdv0TLExzS3vv3jirr3jjWiTaOvifviOr5:HZoJlMHWvkExzS3vv3jirr3jjWiTaOvG

Entry address:

0x13DB44

Entry point:

48, 83, EC, 28, E8, 0B, 04, 00, 00, 48, 83, C4, 28, E9, 72, FE, FF, FF, CC, CC, 83, 25, 51, 51, 0F, 00, 00, C3, 48, 89, 5C, 24, 08, 55, 48, 8D, AC, 24, 40, FB, FF, FF, 48, 81, EC, C0, 05, 00, 00, 8B, D9, B9, 17, 00, 00, 00, E8, A7, 67, 01, 00, 85, C0, 74, 04, 8B, CB, CD, 29, 83, 25, 20, 51, 0F, 00, 00, 48, 8D, 4D, F0, 33, D2, 41, B8, D0, 04, 00, 00, E8, 4F, 0E, 00, 00, 48, 8D, 4D, F0, FF, 15, F5, B9, 01, 00, 48, 8B, 9D, E8, 00, 00, 00, 48, 8D, 95, D8, 04, 00, 00, 48, 8B, CB, 45, 33, C0, FF, 15, D3, B9, 01... 
[+]

Entropy:

6.1290

Code size:

1.3 MB (1,406,464 bytes)

Scheduled Task

Task name:

ConEmu 160724 starter ParentPID=2392

Scan conemu64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.