» schedulersvc.exe
Overview
Analysis
File Details
Behaviors (1)

schedulersvc.exe

AtomPark Software JSC

It runs as a separate (within the context of its own process) windows Service named “StaffCop Scheduler”.

File name:

schedulersvc.exe

Publisher:

AtomPark Software JSC (signed and verified)

MD5:

5e10a7f0c781d563a09630335142f4b4

SHA-1:

c615c2f536d3664557f2530008dddb153805821f

SHA-256:

4ba595c181cf130b181b8748de752f91558ba23814d03a29ce2f9ae7557c8fad

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

1/14/2025 10:23:28 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Program.Keylog-StaffCop

18.0.204.0

File size:

1.5 MB (1,623,400 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\staffcop\schedulersvc.exe

Digital Signature

Signed by:

AtomPark Software JSC

Authority:

VeriSign, Inc.

Valid from:

8/10/2011 3:00:00 AM

Valid to:

7/5/2012 2:59:59 AM

Subject:

CN=AtomPark Software JSC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AtomPark Software JSC, L=Saint-Petersburg, S=Leningradskaja oblast, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

10930E1355999887FC7776A9F9E96187

File PE Metadata

Compilation timestamp:

10/19/2011 12:17:19 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

49152:GMKWfsnIw9TNV2/a8lgBX0uScwh89k5H4DmrBVywRt5TtSwjugc9TZ5f0dt:yR+/a0cwhZKwb

Entry address:

0xEBF65

Entry point:

E8, AE, 45, 01, 00, E9, 95, FE, FF, FF, CC, 53, 57, 33, FF, 8B, 44, 24, 10, 0B, C0, 7D, 14, 47, 8B, 54, 24, 0C, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 10, 89, 54, 24, 0C, 8B, 44, 24, 18, 0B, C0, 7D, 13, 8B, 54, 24, 14, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 18, 89, 54, 24, 14, 0B, C0, 75, 1B, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, 44, 24, 0C, F7, F1, 8B, C2, 33, D2, 4F, 79, 4E, EB, 53, 8B, D8, 8B, 4C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4, F7... 
[+]

Code size:

1.1 MB (1,203,200 bytes)

Service

Display name:

StaffCop Scheduler

Service name:

Scheduler

Type:

Win32OwnProcess

Scan schedulersvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.