» startmenu.exe
Overview
Analysis
File Details
Behaviors (1)

startmenu.exe

PS Media s.r.o.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StartMenu’.

File name:

startmenu.exe

Publisher:

PS Media s.r.o. (signed and verified)

Version:

1.2.0.0

MD5:

3e349e35c16721e024bf04dba0076da2

SHA-1:

12d744ac6316f6ff404a847b09fccb7cd484e2eb

SHA-256:

718b19289b42991b07a7367c0dc835fee348d2a52aaae25da7c8a0fa6a057948

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/26/2024 1:40:31 AM UTC (today)

File size:

3.1 MB (3,256,320 bytes)

Product version:

1.2.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\startmenu\startmenu.exe

Digital Signature

Signed by:

PS Media s.r.o.

Authority:

COMODO CA Limited

Valid from:

8/3/2012 2:00:00 AM

Valid to:

8/4/2014 1:59:59 AM

Subject:

CN=PS Media s.r.o., O=PS Media s.r.o., STREET=Oldrichovice 738, L=Trinec, S=CZ, PostalCode=73961, C=CZ

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A90261CA9C587C49C5A80CEBA70DE141

File PE Metadata

Compilation timestamp:

12/1/2012 5:18:55 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:E5hGpp6TjbGpySa50F/NQtYTvgp1vmHSVTBjEKCLuLWKr6qSKr6q9:E5AP6TEjQtYjgFbMKr6qSKr6q9

Entry address:

0x22DEE8

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, B4, 37, 62, 00, E8, FF, D5, DD, FF, 8B, 1D, 88, A1, 63, 00, 68, 8C, DF, 62, 00, 6A, FF, 6A, 00, E8, B7, 0A, DE, FF, 8B, 03, E8, B4, 7A, F1, FF, 8B, 03, B2, 01, E8, CB, 97, F1, FF, 8B, 0D, C0, 9E, 63, 00, 8B, 03, 8B, 15, F8, 1A, 62, 00, E8, B0, 7A, F1, FF, 8B, 0D, 20, 9E, 63, 00, 8B, 03, 8B, 15, 18, 7F, 61, 00, E8, 9D, 7A, F1, FF, 8B, 0D, C4, A4, 63, 00, 8B, 03, 8B, 15, 4C, 47, 61, 00, E8, 8A, 7A, F1, FF, 8B, 0D, 78, 9A, 63, 00, 8B, 03, 8B, 15, 44, 6E, 61, 00, E8, 77, 7A, F1... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.2 MB (2,281,472 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

StartMenu

Command:

C:\users\{user}\appdata\roaming\startmenu\startmenu.exe

Scan startmenu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.