HotkeyUtility.exe

MD5 Hash: 278c64b644c224b28e601381103811a6
SHA256 Hash: ff80c2dcdbb6954c84223b01b430a3a250a3937e6a77ad63627c1bdd94e86c6b
File size: 627304 bytes (613 KB.)
Last analysis: 24 Jul, 2018 12:41:14

Analysis MD5: 278c64b644c224b28e601381103811a6

Analysis of the file classifies it as a class A (Safe). The file is safe to use. The trust index of this analysis is 81 % (high).

Classification scale: A, B, C, D+, D, D-, E+, E, E-, F

Description

HotkeyUtility.exe is part of Hotkey Utility, developed by Acer. The file supports a hardware component in your system and offers additional configuration options and support for this device.

Filename: HotkeyUtility.exe (Hotkey Utility)
Threat analysis: Safe
Analysis trust: 81%
Recent activity:
First seen: 21 Apr, 2012
Last seen: 24 Jul, 2018
Last analysis: 24 Jul, 2018
Possible infection: Clean

HotkeyUtility.exe Hotkey Utility

Application: Hotkey Utility
Developer: Acer
Stability: 76%
File version: 2.5.3505.0
File size: 627304 bytes (613 KB.)
CRC32 hash: 1415067797
MD5 hash: 278c64b644c224b28e601381103811a6
SHA1 hash: c1064288926a440f4ed06e405bf5db750d62e52d
SHA256 hash: ff80c2dcdbb6954c84223b01b430a3a250a3937e6a77ad63627c1bdd94e86c6b
A

Signature verification

Signed and verified

This file is signed. The publisher is verified.

Publisher: Acer Incorporated
Product: Hotkey Utility
Description: Hotkey Utility
Signing date: 2011-08-11 05:58:00
Signers

Status: Expired
Signer trust: 100%
Serial: 0A D6 DA F1 4C 6B E3 78 C0 E5 2A A7 80 D2 BC 0C
Algorithm: SHA1
Thumbprint: 4A83D5D989CF9DED907E1C4B6561CEAFC50874C7
Valid usage: Code Signing
Valid from: 2010-09-03 02:00:00
Valid to: 2013-09-14 01:59:00

Status: Valid
Signer trust: 100%
Serial: 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
Algorithm: SHA1
Thumbprint: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Valid usage: Client Auth, Code Signing
Valid from: 2009-05-21 02:00:00
Valid to: 2019-05-21 01:59:00

Status: Valid
Signer trust: 100%
Serial: 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Algorithm: SHA1
Thumbprint: A1DB6393916F17E4185509400415C70240B0AE6B
Valid usage: Server Auth, Client Auth, Email Protection, Code Signing
Valid from: 1996-01-29 02:00:00
Valid to: 2028-08-03 01:59:00

Counter signers

Status: Expired
Signer trust: 93%
Serial: 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
Algorithm: SHA1
Thumbprint: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Valid usage: Timestamp Signing
Valid from: 2007-06-15 02:00:00
Valid to: 2012-06-15 01:59:00

Status: Expired
Signer trust: 95%
Serial: 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
Algorithm: SHA1
Thumbprint: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Valid usage: Timestamp Signing
Valid from: 2003-12-04 02:00:00
Valid to: 2013-12-04 01:59:00

Status: Valid
Signer trust: 88%
Serial: 00
Algorithm: MD5
Thumbprint: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Valid usage: Timestamp Signing
Valid from: 1997-01-01 02:00:00
Valid to: 2021-01-01 01:59:00
D+

File entropy

File entropy match: Encrypted

Parts of this file are encrypted. The reasons might be benign but it makes the analysis more difficult.

[Entropy chart over the file, from 0 b. to 627304 b. Legend: Plain, Data, Text, Code, Compressed, Encrypted, Random]

File signature

Microsoft Visual C++ 9.0 - Visual Studio 2008

C++ is a general-purpose programming language that is free-form and compiled. It is regarded as an intermediate-level language, as it comprises both high-level and low-level language features. It provides imperative, object-oriented and generic programming features.

The file type is determined from a signature, also called magic numbers. Files are identified by comparing the first set of bytes in the file header. With this method, file types are recognised no matter which extension is used. This information is useful, for example, to recognise executable files cloaked as images or movies.


A

Malicious code scan

No malicious code found

Agics makes an analysis of the source code of the file. We compare it with known malicious source code. This is a good way to detect new malicious files which are in fact variations of existing, known malicious files.

Scan results: 0 %
A

Fuzzy hash a.k.a. Context Triggered Piecewise Hashing

SSDEEP

Context Triggered Piecewise Hashing, also called fuzzy hashing, can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length. Comparing fuzzy hashes is a good way to detect morphing malware, that is, malware which includes random code in every copy to change its properties. Agics uses ssdeep to create a fuzzy hash.

SSDEEP: 6144:yd+fd7L8wWjef8RIMmPLq48zHkz///QpBLUPljwhvsrrQVWif1DVs4s7OdCZokOz:ydwf8RnEL/Y/wPljwhv2stdPgM2Hw

No match found


A

Online virus scanners

Detection ratio: 0 %
A

VirusShare.com

Not available on virusshare.com

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code. Presence of the sample on this site indicates that the file is, or was once considered, malicious.
Website: virusshare.com
B

National Software Reference Library

Not on the nsrl list

The NSRL contains a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts.
Website: www.nsrl.nist.gov

B

Behaviour

Sandbox behaviour analysis:

The file is executed in a safe environment to track its behaviour. The behaviour analysis can help with detecting new malware which is not yet recognized by virus scanners. However, it has a high chance of false positives, especially with installers, uninstallers and virus scanners.

Network activity

No internet connection

Dropped files

File name md5

A

Import hashing

Imphash 7b40c34a80a96cf5d4f4a53ddcfd003b

Fingerprinting files can be done in various ways. One way is to make a hash of the PE imports. PE imports are relatively unique, which makes this a great way to find new variants of existing malware. The chance of false positives is relatively high. The resulting hash is often called an imphash.

0% Match
A

Statistic analysis

Statistic analysis of the file

High certificate trust
Deviates from other files with the same name (imitation)
The file does have a certificate
This is not a common file
B

Neural network analysis

Analysis: Low risk

A neural network is a type of artificial intelligence. It recognizes patterns that are not clear to a human viewer. Our neural network is surprisingly accurate in recognizing dangerous files. The value below is the predicted chance the file is malicious.

6 %
