home

i-atm.exe

I-ATM SmartCard Service

InfoThink Technology Co., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘I-ATM’.
Publisher:
InfoThink Technology CO., LTD.  (signed by InfoThink Technology Co., LTD.)

Product:
I-ATM SmartCard Service

Description:
I-ATM SmartCard Application

Version:
3.4.2.0

MD5:
6a50794a6dfdc202536c1e2aca3aaa71

SHA-1:
3a5ac4bf6b9ba8f1511db653556d9dd85d7db50d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 12:51:58 AM UTC  (today)

File size:
1006 KB (1,030,118 bytes)

Product version:
3.4.2.0

Copyright:
Copyright (c) InfoThink. 2003 - 2015

Original file name:
i-atm.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\it\i-atm\i-atm.exe

Digital Signature
Signed by:
InfoThink Technology Co., LTD.

Authority:
COMODO CA Limited

Valid from:
3/5/2013 8:00:00 AM

Valid to:
3/5/2016 7:59:59 AM

Subject:
CN="InfoThink Technology Co., LTD.", OU=I-TRAVEL, O="InfoThink Technology Co., LTD.", STREET="7F-1., No.510, Sec. 5, Zhongxiao E. Rd., Xinyi District, Taipei City 11083, Taiwan(R.O.C.)", L=Taipei City, S=Taipei, PostalCode=11077, C=TW

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
756DA513E4C4AA0E05AACBB13CFAEB33

File PE Metadata
Compilation timestamp:
10/5/2015 2:18:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:qdnTfC+qbh58WolIA0Qcnq0ch7wDhUizIgMDvtaXEqYi5W:qFjTq8WolI/nqvk+OIwXEZ

Entry address:
0xD2000

Entry point:
42, BB, 50, 05, F4, 18, 83, E8, 50, 68, 28, 20, 4D, 00, 59, BE, 9C, 05, 00, 00, 83, E8, 50, FF, 34, 31, B8, 50, 05, F4, 18, 31, 1C, 24, 90, 8F, 04, 31, 83, EE, 03, 4E, 75, E8, B8, 78, F5, 18, 50, 05, F4, 18, 50, 05, B4, 18, D4, 01, 43, 66, 78, F3, F8, 18, B6, 00, F9, 18, 50, B7, F6, 10, 51, 05, F4, 18, BC, B5, B1, 18, 20, C8, B2, 18, 2A, C8, B2, 18, A4, BA, F2, 18, 3E, C8, F2, 18, 28, C8, F2, 18, BC, B5, F1, 18, 3E, C8, F2, 18, 28, C8, F2, 18, 50, 05, F4, 18, 50, 05, F4, 18, 50, 05, F4, 18, 50, 05, F4, 18...
 
[+]

Entropy:
7.2071

Code size:
360 KB (368,640 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
I-ATM

Command:
C:\Program Files\it\i-atm\i-atm.exe


Scan i-atm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.