home

GKStart.exe

GuardKey 3.0

Changing Information Technology Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GuardKey 3’.
Publisher:
ChangingTec.  (signed by Changing Information Technology Inc.)

Product:
GuardKey 3.0

Description:
GuardKey 3.0 Start

Version:
1.0.13.131

MD5:
52cffc0435ac2bd005a0ac0b244ff59a

SHA-1:
b52812c1d229efe46e3af7c8ac5e22ba76cbbfee

SHA-256:
d52623f4d141ffa73caa51ca02dfbc06bf26ae4c6320fde914f9b364b4a4c03f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 6:29:50 PM UTC  (today)

File size:
543.3 KB (556,304 bytes)

Product version:
3.0.0.1

Copyright:
(c) ChangingTec. All rights reserved.

Original file name:
GKStart.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\guardkey 3\gkstart.exe

Digital Signature
Signed by:
Changing Information Technology Inc.

Authority:
VeriSign, Inc.

Valid from:
4/15/2011 8:00:00 AM

Valid to:
4/15/2013 7:59:59 AM

Subject:
CN=Changing Information Technology Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Changing Information Technology Inc., L=Hsinchu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
16CA0E906DCF44BF01547906BC9CB34E

File PE Metadata
Compilation timestamp:
2/4/2013 10:55:51 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:4oGGQzs8cbCW3i/EC/svUcHs/iymStWurRbAxEhVZOdjG7NmabBEYF6zDz28:Kzs8c2J/svUQnuFrBvVHj6tf

Entry address:
0x2C470

Entry point:
48, 83, EC, 28, E8, F7, 64, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 40, 83, 3D, 33, D2, 03, 00, 00, 48, 63, D9, 75, 13, 48, 8B, 05, 27, 82, 03, 00, 8A, 04, 58, 83, E0, 04, 48, 83, C4, 40, 5B, C3, C6, 44, 24, 38, 00, E8, C1, 60, 00, 00, 4C, 8B, D8, 48, 89, 44, 24, 30, 48, 8B, 80, C0, 00, 00, 00, 48, 3B, 05, 1B, 82, 03, 00, 48, 89, 44, 24, 20, 49, 8B, 93, B8, 00, 00, 00, 48, 89, 54, 24, 28, 74, 23, 41, 8B, 8B, C8, 00, 00, 00, 85...
 
[+]

Entropy:
5.9585

Code size:
288.5 KB (295,424 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GuardKey 3

Command:
"C:\Program Files\guardkey 3\gkstart.exe" -init


Scan GKStart.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.