» UsageMonitor.UI.App.exe
Overview
Analysis
File Details
Behaviors (1)

UsageMonitor.UI.App.exe

UsageMonitor.UI.App

RealityMine Limited

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘AnalyzeMe’.

File name:

Publisher:

RealityMine Ltd (signed by RealityMine Limited)

Product:

UsageMonitor.UI.App

Version:

1.2.1.0

MD5:

5ca6433fdd6289c73ad54f738f005e3d

SHA-1:

60690c43260fa62984a660bfd1df6cf72db4bb55

SHA-256:

e28da8fb0ba94e545205e1f895e04a148510ae8be1e7acd9c62ea1b29a02570c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/25/2024 5:37:00 PM UTC (today)

File size:

834.4 KB (854,376 bytes)

Product version:

1.2.1.0

Original file name:

UsageMonitor.UI.App.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\analyzeme\usagemonitor.ui.app.exe

Digital Signature

Signed by:

RealityMine Limited

Authority:

GoDaddy.com, Inc.

Valid from:

3/10/2015 12:21:38 PM

Valid to:

2/23/2016 4:37:40 PM

Subject:

CN=RealityMine Limited, O=RealityMine Limited, L=Trafford Park, S=Manchester, C=GB

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00C8A2374310489BDE

File PE Metadata

Compilation timestamp:

8/21/2015 2:18:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:eP2sXvvXShluY0KcO1e8oerGO+jiudjMN2sXvvXShbm:4nXSh4bz9O+jiudjMvnXShbm

Entry address:

0x8E26E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1102

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

561 KB (574,464 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

AnalyzeMe

Command:

C:\Program Files\analyzeme\usagemonitor.ui.app.exe \startminimized

Scan UsageMonitor.UI.App.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.