» voychkln.exe
Overview
Analysis
File Details
Behaviors (1)

voychkln.exe

University of Illinois

The program is a setup application that uses the Wise Installer installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Voyager Update Checker’.

File name:

voychkln.exe

Publisher:

University of Illinois (signed and verified)

MD5:

00c9f6f1954966b90b35785a75285377

SHA-1:

628097d8c0e7afba63d052cdc8fac27a860e6c08

SHA-256:

8a36eabe7ffc47dcbae1eb91e25e1a338264c48fed9a636b1c0063fdcfdfb136

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/28/2024 4:43:08 PM UTC (today)

File size:

128.4 KB (131,464 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Wise Installer

Language:

English (United States)

Digital Signature

Signed by:

University of Illinois

Authority:

VeriSign, Inc.

Valid from:

9/23/2010 7:00:00 PM

Valid to:

10/19/2013 6:59:59 PM

Subject:

CN=University of Illinois, OU=ILCSO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=University of Illinois, L=Champaign, S=IL, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7FF341A45E9003338864FBF23318C7D7

File PE Metadata

Compilation timestamp:

4/8/1999 3:24:47 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:wsJ6EsHTfF//tl6DZWTot/MRK5qoYDQxvGW:w4W/yDOSUg5qoMtW

Entry address:

0x1000

Entry point:

55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50... 
[+]

Entropy:

7.8154

Packer / compiler:

Wise Installer Stub

Code size:

512 Bytes (512 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Voyager Update Checker

Command:

C:\ilcso\voycheck\voychkln.exe

Scan voychkln.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.