FdSchedule.EXE

FdSchedule 응용 프로그램

FINAL DATA Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WPM’.
Publisher:
FinalData  (signed by FINAL DATA Inc.)

Product:
FdSchedule 응용 프로그램

Version:
1, 0, 0, 1

MD5:
773b79414c001638245f1f482e6c09b4

SHA-1:
4f3440221c40e4d19a79895819d68a563133eaef

SHA-256:
638c2fadacce6bfc553941dc81e5f52ff79e35fac461c78adcd2505cbdd40741

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 5:20:08 AM UTC  (today)

File size:
1.2 MB (1,250,496 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 1999-2010

Original file name:
FdSchedule.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\finaldata\wpm\fdschedule.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/31/2010 7:00:00 PM

Valid to:
3/31/2012 6:59:59 PM

Subject:
CN=FINAL DATA Inc., O=FINAL DATA Inc., L=SEOUL, S=GYEONGGI-DO, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
78FCF083D7C31C8291CB3F7C7EE2BE2A

File PE Metadata
Compilation timestamp:
9/10/2010 1:50:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:64ugiZrjETfMVRsjUwspDot98AnF5FXN0/OKvclGkK3gicM0KcFTfWdb5deDEisD:LMcTfivOblF5F90/OKvWkj09fWdbP8+

Entry address:
0xA5A31

Entry point:
E8, 84, BD, 00, 00, E9, 16, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 40, C7, 4E, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 40, C7, 4E, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Entropy:
6.3050

Code size:
764 KB (782,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WPM

Command:
"C:\Program Files\finaldata\wpm\fdschedule.exe" -startup


Scan FdSchedule.EXE - Powered by Reason Core Security