SndAst.exe

Sound Assist

北京彩云在线技术开发有限公司

It is registered under the name ‘SoundAssist’ to execute automatically when any user logs into Windows (through the local user run registry setting).

Publisher:

Product:
Sound Assist

Version:
1.0.0.72

MD5:
a4a58fee7a072622c971c49322d91c76

SHA-1:
9f28d32e81ffb256ad92be8c931b681dbaf592ee

SHA-256:
fb562c4800eaeb96d6c546f2dbfeab9edb91fb14ee22b72903cabe66cbd764c8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:54:43 AM UTC

File size:
109.6 KB (112,240 bytes)

Product version:
1.0.0.78

Copyright:
Copyright LLX(C) 2014

Original file name:
SndAst.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/8/2014 3:30:18 PM

Valid to:
4/9/2016 3:30:18 PM

Subject:
CN=北京彩云在线技术开发有限公司, E=mark.li@duomi.com, O=北京彩云在线技术开发有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
74DD481AAFCED2E71D7BDED118AB86AE

File PE Metadata
Compilation timestamp:
11/17/2014 6:57:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1536:G5zcSh/czDzzSynlSTQprcK/WIisWjcdOmA/yI3JYz0b1vd:Eba7SynlfOyOmOyI3JP

Entry address:
0x170B

Entry point:
E8, D0, 26, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, 30, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, C4, 12, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, 21, 2A, 00, 00, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 

Entropy:
6.2340

Code size:
49.5 KB (50,688 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoundAssist

Command:
"C:\duomi\soundassist\sndast.exe" --type=background

