home

SignPlugin.exe

SignPlugin v3

MINH THONG CARD SOLUTIONS CO LTD

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SignPlugin_v2’.
Publisher:
MINH THONG CARD SOLUTIONS CO LTD  (signed and verified)

Product:
SignPlugin v3

Version:
1.0.3.0

MD5:
056a48ee3bd5f972614b725b7e6f668a

SHA-1:
0050af1440314bea1c278817302ff2cbbfab42d9

SHA-256:
4de86a64d6b2eb61f28dfbb1df13604cdc666309c3b4e61ba7e0ff5b42869b4b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 8:38:27 AM UTC  (today)

File size:
2 MB (2,116,600 bytes)

Product version:
1.0.3.0

Copyright:
CopyRight (c) 2016 MINH THONG CARD SOLUTIONS CO LTD

Original file name:
SignPlugin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\demo signplugin socket v2.0\signplugin.exe

Digital Signature
Signed by:
MINH THONG CARD SOLUTIONS CO LTD

Authority:
DigiCert Inc

Valid from:
7/26/2016 7:00:00 AM

Valid to:
7/30/2019 7:00:00 PM

Subject:
CN=MINH THONG CARD SOLUTIONS CO LTD, O=MINH THONG CARD SOLUTIONS CO LTD, L=Ho Chi Minh, S=Ho Chi Minh, C=VN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
062EC4D3B740656861747817E580B3FF

File PE Metadata
Compilation timestamp:
10/20/2016 10:12:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:YZmZE9a+iJdPP+3v2QGO4veCn2Fe/il62lrrNx:YZVDH4veCn2IR6

Entry address:
0x41E81

Entry point:
E8, A0, 04, 00, 00, E9, 87, FE, FF, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 53, 56, 6A, 17, E8, B7, BB, 0A, 00, 85, C0, 74, 05, 8B, 4D, 08, CD, 29, 33, F6, 8D, 85, DC, FC, FF, FF, 68, CC, 02, 00, 00, 56, 50, 89, 35, D0, 2B, 5E, 00, E8, A0, EF, 06, 00, 83, C4, 0C, 89, 85, 8C, FD, FF, FF, 89, 8D, 88, FD, FF, FF, 89, 95, 84, FD, FF, FF, 89, 9D, 80, FD, FF, FF, 89, B5, 7C, FD, FF, FF, 89, BD, 78, FD, FF, FF, 66, 8C, 95, A4, FD, FF, FF, 66, 8C, 8D, 98, FD, FF, FF, 66, 8C, 9D, 74, FD, FF, FF, 66, 8C, 85, 70, FD...
 
[+]

Entropy:
6.5728

Code size:
1.5 MB (1,534,976 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SignPlugin_v2

Command:
C:\Program Files\demo signplugin socket v2.0\signplugin.exe


Scan SignPlugin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.