» desktopbarapp.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

desktopbarapp.exe

Desktop Dock

The application desktopbarapp.exe by Desktop Dock has been detected as a potentially unwanted program by 10 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DesktopBar’. While running, it connects to the Internet address server-54-192-206-201.atl50.r.cloudfront.net on port 443.

File name:

desktopbarapp.exe

Publisher:

Desktop Dock (signed and verified)

Version:

1.0.2.94

MD5:

ef53f87148a03e9ccf4c97c08aba9fc0

SHA-1:

863513f56278ddc0e10398f50c919cebf935ad23

SHA-256:

98a076c3c76f82f3096bc856fe944768616e44cd77a5e5f0d7127628ac67d1cb

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 8:00:58 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen7

8.3.1.6

Baidu Antivirus

PUA.Win32.Verti

4.0.3.15714

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Plugin.1095

9.0.1.0195

ESET NOD32

Win32/Verti.K potentially unwanted (variant)

9.11817

Fortinet FortiGate

W32/Verti.K

7/14/2015

K7 AntiVirus

Adware

13.205.16308

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.DesktopDock (M)

15.7.14.0

Trend Micro House Call

Suspicious_GEN.F47V0612

7.2.195

File size:

1.6 MB (1,713,688 bytes)

Product version:

1.0.2.94

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\desktop bar\desktopbarapp.exe

Digital Signature

Signed by:

Desktop Dock

Authority:

COMODO CA Limited

Valid from:

5/8/2014 7:00:00 PM

Valid to:

5/8/2016 6:59:59 PM

Subject:

CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

72D187E754B89EF452FF82C8A9DE9B

File PE Metadata

Compilation timestamp:

6/5/2015 9:45:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:CyxkgYBmK5fMFoKe0lvAcVNBbOCa0F8nYb2:CKkgYBn5fHn0l5bOC9uYa

Entry address:

0x57923

Entry point:

E8, F5, C2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 48, F4, 55, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 2F, 99, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 49, B3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC... 
[+]

Entropy:

5.9552

Code size:

1 MB (1,091,584 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DesktopBar

Command:

"C:\Program Files\desktop bar\desktopbarapp.exe"

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):

Connects to server-54-192-206-201.atl50.r.cloudfront.net (54.192.206.201:443)

Remove desktopbarapp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.