Eraser.exe

Eraser

Heidi Computers Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Eraser’.
Publisher:
The Eraser Project  (signed by Heidi Computers Ltd)

Product:
Eraser

Version:
6.1.0.2781

MD5:
5d4012209478f0b30b3806db49f124d2

SHA-1:
ea2e9cf12b6991f25b8b855ecf5f8df4ca693a3e

SHA-256:
ba26b0259fda8fe986909ddac3be363e5fe8ec19ec9125fab0d9581038764d5e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 9:34:26 PM UTC  (today)

File size:
1 MB (1,052,152 bytes)

Product version:
6.1.0.2781

Copyright:
Copyright © 2008-2012 The Eraser Project

Original file name:
Eraser.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\eraser\eraser.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/15/2010 7:42:59 PM

Valid to:
8/8/2012 2:51:44 AM

Subject:
CN=Heidi Computers Ltd, O=Heidi Computers Ltd, L=Greystones, S=Co Wicklow, C=IE

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001280198BFB3

File PE Metadata
Compilation timestamp:
7/17/2012 1:04:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xD89CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, B0, 00, 00, 80, 10, 00, 00, 00, D0, 00, 00, 80, 18, 00, 00, 00, E8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 0E, 00, 02, 00, 00, 00, 00, 01, 00, 80, 03, 00, 00, 00, 18, 01...
 
[+]

Entropy:
7.0239

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
858.5 KB (879,104 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Eraser

Command:
"C:\Program Files\eraser\eraser.exe" \atrestart