home

drmtibehwo.exe

MalTech Incorporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Microsoft Windows Driver’. The file has been seen being downloaded from tstdom.com and multiple other hosts.
Publisher:
MalTech Incorporation  (signed and verified)

MD5:
dc67f8fb2fdbd3f2a9b6bbceb983341d

SHA-1:
8ac21af6757d6e7226bb94adc46c42f826492f55

SHA-256:
7dc72d2fcbd3223ad034972ffda056c4637d642324bddbbf1f6c7ded6278091f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 10:33:38 AM UTC  (today)

File size:
281.5 KB (288,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\drmtibehwo.exe

Digital Signature
Signed by:
MalTech Incorporation

Authority:
MalTech Incorporation

Valid from:
6/28/2016 1:59:10 PM

Valid to:
6/29/2026 1:59:10 PM

Subject:
E=sales@maltech.net, CN=*.maltech.net, OU=MT Dept, O=MalTech Incorporation, L=Ankara, S=Central Anatolia, C=TR

Issuer:
E=sales@maltech.net, CN=*.maltech.net, OU=MT Dept, O=MalTech Incorporation, L=Ankara, S=Central Anatolia, C=TR

Serial number:
00CEB7057124641D8C

File PE Metadata
Compilation timestamp:
6/30/2016 2:49:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:lsEPBBo3vFoBcczO8zh6VnyynbeoEcTwlhUq:ls8vofFo2c3hEblEe6

Entry address:
0x27DEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.1645

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
152 KB (155,648 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Windows Driver

Command:
C:\users\cristian\m-50504587654899855689268498890003020\windrv.exe


The file drmtibehwo.exe has been seen being distributed by the following 2 URLs.

http://tstdom.com/.../ns.exe

http://hid2s.com/.../ns.exe

Scan drmtibehwo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.