home

funnyclocks.exe

ART PLUS Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ArtPlus Funny Clocks’.
Publisher:
ART PLUS Inc.  (signed and verified)

Description:
ArtPlus Funny Clocks

Version:
3.0.0.110

MD5:
c0036e38714001620e6a3b15965b1cb0

SHA-1:
e01433ab7f0866b358ec640f88c6b5e4e0b91583

SHA-256:
a1a26868962c57e7c8d0dcc3fa04311da2e384815daaa87c4b37934c17c484f5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 4:29:08 PM UTC  (today)

File size:
3.7 MB (3,922,376 bytes)

Product version:
3.0

Copyright:
Copyright © 2012 Art Plus Inc., Zagreb, Croatia

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\funnyclocks\funnyclocks.exe

Digital Signature
Signed by:
ART PLUS Inc.

Authority:
The USERTRUST Network

Valid from:
8/11/2010 7:00:00 AM

Valid to:
8/11/2013 6:59:59 AM

Subject:
CN=ART PLUS Inc., O=ART PLUS Inc., STREET=Kapelska 5, L=Zagreb, S=HR, PostalCode=10000, C=HR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
40F6AFA8F36CD5888E94F4859C354711

File PE Metadata
Compilation timestamp:
12/29/2012 2:15:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x2FBEEC

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 30, C4, 6E, 00, E8, 3B, 17, D1, FF, 8B, 1D, 08, 8C, 70, 00, 8B, 03, E8, 22, FB, E8, FF, 8B, 03, BA, C4, BF, 6F, 00, E8, 12, F5, E8, FF, 8B, 03, B2, 01, E8, 35, 17, E9, FF, B8, C4, BF, 6F, 00, E8, A7, 9F, EB, FF, 84, C0, 74, 75, 8B, 03, C6, 40, 5F, 00, 8B, 0D, 98, 88, 70, 00, 8B, 03, 8B, 15, 30, F8, 63, 00, E8, FE, FA, E8, FF, 8B, 0D, 88, 83, 70, 00, 8B, 03, 8B, 15, 2C, 85, 6E, 00, E8, EB, FA, E8, FF, 8B, 0D, 40, 81, 70, 00, 8B, 03, 8B, 15, D8, 65, 6E, 00, E8, D8, FA, E8, FF...
 
[+]

Entropy:
6.7675

Developed / compiled with:
Microsoft Visual C++

Code size:
3 MB (3,122,688 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ArtPlus Funny Clocks

Command:
"C:\users\{user}\downloads\funnyclocks\funnyclocks.exe" \a


Scan funnyclocks.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.