home

i-atm.exe

I-ATM SmartCard Service

InfoThink Technology Co., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘I-ATM’.
Publisher:
InfoThink Technology CO., LTD.  (signed by InfoThink Technology Co., LTD.)

Product:
I-ATM SmartCard Service

Description:
I-ATM SmartCard Application

Version:
3.4.3.0

MD5:
64a57da4f4649579298a633baac65ebf

SHA-1:
4284a9844ea6f477b2a46ea8abbe90ba7e59ac72

SHA-256:
b4806453300d7531118d224ceeca46ca74a6e58b2ed62e18f44712657ecedeb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 1:00:33 AM UTC  (today)

File size:
1 MB (1,067,992 bytes)

Product version:
3.4.3.0

Copyright:
Copyright (c) InfoThink. 2003 - 2017

Original file name:
i-atm.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\it\i-atm\i-atm.exe

Digital Signature
Signed by:
InfoThink Technology Co., LTD.

Authority:
COMODO CA Limited

Valid from:
2/2/2016 8:00:00 AM

Valid to:
2/2/2019 7:59:59 AM

Subject:
CN="InfoThink Technology Co., LTD.", OU=I-TRAVEL, O="InfoThink Technology Co., LTD.", STREET="5F, 133, Hsin Hu 1st Rd,", L=Taipei City, S=Taipei, PostalCode=11494, C=TW

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B15BD493947EBF16C7ABF6396D5992C4

File PE Metadata
Compilation timestamp:
3/6/2017 4:45:25 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x437E2

Entry point:
E8, D1, 05, 00, 00, E9, 69, FE, FF, FF, 55, 8B, EC, 83, 25, 34, A4, 4A, 00, 00, 83, EC, 28, 53, 33, DB, 43, 09, 1D, A0, 70, 4A, 00, 6A, 0A, E8, 84, EC, FF, FF, 85, C0, 0F, 84, 6D, 01, 00, 00, 83, 65, F0, 00, 33, C0, 83, 0D, A0, 70, 4A, 00, 02, 33, C9, 56, 57, 89, 1D, 34, A4, 4A, 00, 8D, 7D, D8, 53, 0F, A2, 8B, F3, 5B, 89, 07, 89, 77, 04, 89, 4F, 08, 89, 57, 0C, 8B, 45, D8, 8B, 4D, E4, 89, 45, F8, 81, F1, 69, 6E, 65, 49, 8B, 45, E0, 35, 6E, 74, 65, 6C, 0B, C8, 8B, 45, DC, 6A, 01, 35, 47, 65, 6E, 75, 0B, C8...
 
[+]

Entropy:
6.9490

Code size:
535 KB (547,840 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
I-ATM

Command:
C:\Program Files\it\i-atm\i-atm.exe


Scan i-atm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.