desktoppoet.exe

The application desktoppoet.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The file is a setup program used to install the application. It has been seen being downloaded from bitsdujourblob.blob.core.windows.net.

MD5: a9aa5509098a2a41b478122e8c5012ea

SHA-1: 6c378bb674e77e2d31949aaf66da5763690a8fb8

SHA-256: b7f6b8df075a6e1a37eb893acc6da904e575386ec09298170ab3f815e00fcc4e

Scanner detections: 7 / 68

Status: Potentially unwanted

Analysis date: 12/26/2024 12:59:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | SPR/Tool.MonitorTool.Q | 7.11.87.234 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150609 |
| Dr.Web | Trojan.PWS.MSN.37 | 9.0.1.0160 |
| F-Prot | W32/MalwareF.MYBH | v6.4.7.1.166 |
| Norman | Malware.AFFPH | 11.20141106 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.6.9.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 19182 |

File size: 15.8 MB (16,608,942 bytes)

File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 6/19/1992 3:22:17 PM

OS version: 1.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 393216:1J0dj8uXFfpoJAKUoYdWfsExwWD/d/jB+d0cpaabae:f1uVBoJsxdW/bzpBq0cQabae

Entry address: 0xEFC8

Entry point:
55, 8B, EC, B9, 17, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, 60, EF, 40, 00, E8, 69, 64, FF, FF, 33, C0, 55, 68, 14, F7, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 62, 37, FF, FF, 8B, 45, EC, 8D, 55, F0, E8, B7, 73, FF, FF, 8B, 45, F0, BA, 2C, F7, 40, 00, E8, 46, 46, FF, FF, 75, 1A, 8D, 55, E8, B8, 02, 00, 00, 00, E8, 3B, 37, FF, FF, 8B, 45, E8, E8, CF, FB, FF, FF, E9, C4, 06, 00, 00, 8D, 55, E4, B8, 01, 00, 00, 00, E8, 21, 37, FF, FF, 8B, 45, E4, BA, 3C, F7, 40, 00, E8...
 

Entropy: 7.9961

Developed / compiled with: Microsoft Visual C++

Code size: 59 KB (60,416 bytes)

The file desktoppoet.exe has been seen being distributed by the following URL.
