desktopbarapp.exe

Desktop Dock

The application desktopbarapp.exe by Desktop Dock has been detected as a potentially unwanted program by 10 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through the all-users Run registry key under HKLM, with the value name ‘DesktopBar’. While running, it connects to the Internet address server-54-192-206-201.atl50.r.cloudfront.net on port 443.
Publisher:
Desktop Dock  (signed and verified)

Version:
1.0.2.94

MD5:
ef53f87148a03e9ccf4c97c08aba9fc0

SHA-1:
863513f56278ddc0e10398f50c919cebf935ad23

SHA-256:
98a076c3c76f82f3096bc856fe944768616e44cd77a5e5f0d7127628ac67d1cb

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:02:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 8.3.1.6 |
| Baidu Antivirus | PUA.Win32.Verti | 4.0.3.15714 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Plugin.1095 | 9.0.1.0195 |
| ESET NOD32 | Win32/Verti.K potentially unwanted (variant) | 9.11817 |
| Fortinet FortiGate | W32/Verti.K | 7/14/2015 |
| K7 AntiVirus | Adware | 13.205.16308 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.DesktopDock (M) | 15.7.14.0 |
| Trend Micro House Call | Suspicious_GEN.F47V0612 | 7.2.195 |

File size:
1.6 MB (1,713,688 bytes)

Product version:
1.0.2.94

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\desktop bar\desktopbarapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/8/2014 7:00:00 PM

Valid to:
5/8/2016 6:59:59 PM

Subject:
CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
72D187E754B89EF452FF82C8A9DE9B

File PE Metadata
Compilation timestamp:
6/5/2015 9:45:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:CyxkgYBmK5fMFoKe0lvAcVNBbOCa0F8nYb2:CKkgYBn5fHn0l5bOC9uYa

Entry address:
0x57923

Entry point:
E8, F5, C2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 48, F4, 55, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 2F, 99, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 49, B3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...

Entropy:
5.9552

Code size:
1 MB (1,091,584 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DesktopBar

Command:
"C:\Program Files\desktop bar\desktopbarapp.exe"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to server-54-192-206-201.atl50.r.cloudfront.net  (54.192.206.201:443)
