home

SalonIris.exe

DaySmart Software, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Salon Iris’.
Publisher:
DaySmart Software, Inc.  (signed and verified)

Version:
10.0.1340.5

MD5:
d43e2d76710b49372c0a185d2fbbe732

SHA-1:
246419cf78b71c21835babef231f267152166aa6

SHA-256:
c6155cd93ae9cb772dbc31a5482915c3ec6c47106046fbf87779565a7b90fdbd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 3:09:03 PM UTC  (today)

File size:
39.8 MB (41,728,056 bytes)

Product version:
10.0.1340.5

Original file name:
SalonIris.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\salon iris\saloniris.exe

Digital Signature
Signed by:
DaySmart Software, Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
9/21/2011 4:24:59 PM

Valid to:
9/20/2014 1:36:16 PM

Subject:
CN="DaySmart Software, Inc.", OU=Software Development, O="DaySmart Software, Inc.", L=Wixom, S=MI, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B9CBEAFD1CF38

File PE Metadata
Compilation timestamp:
8/20/2013 8:51:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x84C464

Entry point:
FF, 25, 54, C4, C4, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 1A, 29, 00, 00, 00, 01, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 00, 00, 00, 00, 10, 01, 00, 00, 00, 02, 00, 00, 00, 06, 02, 00, 00, 00, 0D, 53, 41, 4C, 4F, 4E, 49, 52, 49, 53, 2E, 45, 58, 45, 09, 03, 00, 00, 00, 04, 03, 00, 00, 00, 1C, 53, 79, 73, 74, 65, 6D, 2E, 43, 6F, 6C, 6C, 65, 63, 74, 69, 6F, 6E, 73, 2E, 48, 61, 73, 68, 74, 61, 62, 6C, 65, 07, 00, 00, 00, 0A, 4C, 6F, 61...
 
[+]

Entropy:
7.7283  (probably packed)

Code size:
39.4 MB (41,354,752 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Salon Iris

Command:
C:\Program Files\salon iris\saloniris.exe


Scan SalonIris.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.