home

KnowhowCloud.exe

Knowhow Cloud

DSG Retail Limited

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘KnowhowCloud’.
Publisher:
DSG Retail Limited  (signed and verified)

Product:
Knowhow Cloud

Description:
Knowhow Cloud Desktop Client

Version:
3, 0, 3, 50

MD5:
f7ce828adb5b38b9c00f40d6d621571a

SHA-1:
f53d30c125a48fcca3530147131c5f0cec39b049

SHA-256:
0e98fcac37d810162da91ebdd822e04da76b7d4d48245debbf8433ca6264c06f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 11:02:34 AM UTC  (today)

File size:
4 MB (4,171,400 bytes)

Product version:
3, 0, 3, 50

Copyright:
Copyright (C) DSG Retail Limited 2014

Original file name:
KnowhowCloud.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\knowhow cloud\knowhowcloud.exe

Digital Signature
Signed by:
DSG Retail Limited

Authority:
GlobalSign nv-sa

Valid from:
9/26/2013 12:45:51 PM

Valid to:
9/26/2016 12:45:51 PM

Subject:
CN=DSG Retail Limited, O=DSG Retail Limited, L=Hemel Hempstead, S=Hertfordshire, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121495C263926CD3E019E9B697461E92DB5

File PE Metadata
Compilation timestamp:
10/29/2015 1:17:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:WH47zCi/sVt/iJsoGQWJ3yDNiooMvinyUqrkV9pvjkVIAnJRBB34qqQYB+g0cd4J:E/iuodUMNFvlkVDvjkVIwBekYcixPi

Entry address:
0x3DE2A4

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.3790

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.9 MB (4,047,872 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KnowhowCloud

Command:
"C:\Program Files\knowhow cloud\knowhowcloud.exe" \setup


Scan KnowhowCloud.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.