» PomocnikAukcji.exe
Overview
Analysis
File Details
Behaviors (1)

PomocnikAukcji.exe

Pomocnik aukcji

MARWER

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Pomocnik aukcji’.

File name:

PomocnikAukcji.exe

Publisher:

MARWER Marcin Werra (signed by MARWER)

Product:

Pomocnik aukcji

Version:

1.8.18.0

MD5:

d3f25a5bfe34de14ea9da395ba64453c

SHA-1:

0e479089f119b806c6c6927e9bbcc345f31a037a

SHA-256:

a31f89120824823ffbacc9c0675a1632fed2f521e3235e8b8dee7531d3aeec97

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/17/2024 3:56:05 AM UTC (today)

File size:

5.6 MB (5,866,632 bytes)

Product version:

1.8.18.0

Marcin Werra

Original file name:

PomocnikAukcji.exe

File type:

Executable application (Win32 EXE)

Language:

Polish (Poland)

Common path:

C:\Program Files\marwer.pl\pomocnik aukcji\pomocnikaukcji.exe

Digital Signature

Signed by:

MARWER

Authority:

COMODO CA Limited

Valid from:

3/19/2015 1:00:00 AM

Valid to:

3/19/2018 12:59:59 AM

Subject:

CN=MARWER, O=MARWER, POBox=89-600, STREET=Ul Malinowa 43, L=Chojnice, S=POMORSKIE, PostalCode=89-600, C=PL

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DB94338265F416A0847EFF31C6BD66EA

File PE Metadata

Compilation timestamp:

6/30/2016 2:54:02 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

98304:nkAY9CbfFbM/iv3bAe8aQA2bD08r4e8lAQB:nCUxyaQVD08swQB

Entry address:

0x1F21EC

Entry point:

FF, 25, 20, 5E, 62, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4D, F0, E9, 34, D0, ED, FF, 8B, 4D, F0, 83, C1, 04, E9, 29, D0, ED, FF, 8B, 54, 24, 08, 8D, 42, 0C, 8B, 4A, EC, 33, C8, E8, CC, E6, ED, FF, B8, B0, 43, 7D, 00, E9, BC, E6, ED, FF, 8B, 4D, F0, E9, 36, 19, E1, FF, 8B, 54, 24, 08, 8D, 42, 0C, 8B, 4A, EC, 33, C8, E8, A9, E6, ED, FF, B8, DC, 43, 7D, 00, E9, 99, E6, ED, FF, 8B, 4D, F0, E9, BA, D1, EB, FF, 8B, 4D, F0, E9, DB, CF, ED, FF, 8B, 54, 24, 08, 8D, 42, 0C, 8B, 4A, EC, 33... 
[+]

Code size:

2.1 MB (2,240,000 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Pomocnik aukcji

Command:

C:\Program Files\marwer.pl\pomocnik aukcji\pomocnikaukcji.exe

Scan PomocnikAukcji.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.