desktopdockapp.exe

Desktop Dock

The application desktopdockapp.exe by Desktop Dock has been detected as a potentially unwanted program by 8 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DesktopDock’. While running, it connects to the Internet address server-54-230-37-216.jfk1.r.cloudfront.net on port 443.
Publisher:
Desktop Dock  (signed and verified)

Version:
1.0.2.19

MD5:
c374d2c0f406901725546846967df5ed

SHA-1:
8d846fd58a8b6f501e96f3ec49b653b8c12e7c53

SHA-256:
935fb108d5860c48ee1e7e1f97fbe29ff09cd1328c702ce79ff7656900d8ad0e

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:38:19 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.213.100

ESET NOD32
Win32/Verti.K potentially unwanted (variant)
9.11265

Fortinet FortiGate
Riskware/Verti
3/10/2015

K7 AntiVirus
Trojan
13.200.15150

McAfee
Artemis!C374D2C0F406
5600.6830

Reason Heuristics
PUP.Startup.DesktopDock
15.3.10.13

Sophos
Generic PUA IN
4.98

Trend Micro House Call
Suspicious_GEN.F47V0227
7.2.69

File size:
1.5 MB (1,528,344 bytes)

Product version:
1.0.2.19

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\desktop dock\desktopdockapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/8/2014 8:00:00 PM

Valid to:
5/8/2016 7:59:59 PM

Subject:
CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
72D187E754B89EF452FF82C8A9DE9B

File PE Metadata
Compilation timestamp:
2/26/2015 11:09:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:89SUuW4tPHx7q3sIEbA/pRkiV58AHZPbTSIBwSIgPx3y0yULlOhO1iM/OkDQShDw:qR74xAN58A5PPkgaIaShDhlzg

Entry address:
0x4C0D5

Entry point:
E8, E0, C6, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, 92, 53, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, B9, A1, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, A7, C3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
5.9555

Code size:
946.5 KB (969,216 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DesktopDock

Command:
"C:\Program Files\desktop dock\desktopdockapp.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-230-37-43.jfk1.r.cloudfront.net  (54.230.37.43:443)

TCP (HTTP SSL):
Connects to server-54-230-37-124.jfk1.r.cloudfront.net  (54.230.37.124:443)

TCP (HTTP):
Connects to md-83.webhostbox.net  (162.222.227.194:80)

TCP (HTTP):
Connects to ec2-52-21-139-228.compute-1.amazonaws.com  (52.21.139.228:80)

TCP (HTTP):
Connects to cphost06.qhoster.net  (86.106.93.230:80)

TCP (HTTP SSL):
Connects to server-54-230-37-245.jfk1.r.cloudfront.net  (54.230.37.245:443)

TCP (HTTP SSL):
Connects to server-54-192-48-29.jfk5.r.cloudfront.net  (54.192.48.29:443)

TCP (HTTP):
Connects to li974-246.members.linode.com  (45.33.20.246:80)

TCP (HTTP SSL):
Connects to cache.google.com  (209.226.57.227:443)

TCP (HTTP SSL):
Connects to server-54-230-37-78.jfk1.r.cloudfront.net  (54.230.37.78:443)

TCP (HTTP SSL):
Connects to server-54-230-37-40.jfk1.r.cloudfront.net  (54.230.37.40:443)

TCP (HTTP SSL):
Connects to server-54-230-37-216.jfk1.r.cloudfront.net  (54.230.37.216:443)

TCP (HTTP SSL):
Connects to server-54-230-37-185.jfk1.r.cloudfront.net  (54.230.37.185:443)

TCP (HTTP SSL):
Connects to server-54-230-37-157.jfk1.r.cloudfront.net  (54.230.37.157:443)

TCP (HTTP):
Connects to ec2-34-199-132-228.compute-1.amazonaws.com  (34.199.132.228:80)

TCP (HTTP):
Connects to w01.ttms.eu  (46.105.156.71:80)

TCP (HTTP):
Connects to ec2-52-1-63-37.compute-1.amazonaws.com  (52.1.63.37:80)

Remove desktopdockapp.exe - Powered by Reason Core Security