» ekstatusmonitor.exe
Overview
Analysis
File Details
Behaviors (1)

ekstatusmonitor.exe

KODAK AiO Printer Driver

Eastman Kodak Company

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EKStatusMonitor’.

File name:

ekstatusmonitor.exe

Publisher:

Eastman Kodak Company (signed and verified)

Product:

KODAK AiO Printer Driver

Description:

Status Monitor for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build)

Version:

7.8.3.0

MD5:

a8b837a543e6d5b2c23871138d1900d3

SHA-1:

f59ce23e6a226eb144cb8c502f19f1d3e31d014a

SHA-256:

afabcb336ef36b928f5573785f9910ee16b4563c44cee0662ea58f8e60f9e020

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/27/2024 3:48:30 AM UTC (today)

File size:

2.6 MB (2,750,840 bytes)

Product version:

7.8.3

Original file name:

EKAiO2MUI.EXE

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\kodak\aio\statusmonitor\ekstatusmonitor.exe

Digital Signature

Signed by:

Eastman Kodak Company

Authority:

VeriSign, Inc.

Valid from:

1/23/2012 12:00:00 AM

Valid to:

1/22/2015 11:59:59 PM

Subject:

CN=Eastman Kodak Company, OU=NexPress, OU=Digital ID Class 3 - Java Object Signing, O=Eastman Kodak Company, L=Rochester, S=NewYork, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

14100B5B5F8405B75D20111D4E87D2A7

File PE Metadata

Compilation timestamp:

12/11/2013 9:29:54 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x9E57B

Entry point:

E8, 68, 8D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, E9, E5, 49, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 27, C4, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D... 
[+]

Entropy:

7.3569

Code size:

794 KB (813,056 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

EKStatusMonitor

Command:

C:\Program Files\kodak\aio\statusmonitor\ekstatusmonitor.exe

Scan ekstatusmonitor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.