» ShipWorks.exe
Overview
Analysis
File Details
Behaviors (1)

ShipWorks.exe

ShipWorks

Interapptive, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ShipWorksScheduler$C279B40EA1094DD6BFE98E612C606573’.

File name:

ShipWorks.exe

Publisher:

Interapptive®, Inc. (signed by Interapptive, Inc.)

Product:

ShipWorks

Description:

ShipWorks®

Version:

4.7.0.8746

MD5:

0012ce6285efbd78eeba2dd6eea7176b

SHA-1:

8c45f0920748a5902c437fcf61cd1162719da9db

SHA-256:

ab0bcaced614fb832243db0a1129a25e68790b8977479839372daad1555807e2

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/25/2024 4:28:25 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Virut.Gen

7.11.30.172

File size:

523.7 KB (536,296 bytes)

Product version:

4.7.0.8746

Trademarks:

ShipWorks® and Interapptive® are registered trademarks of Interapptive®, Inc.

Original file name:

ShipWorks.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\shipworks\shipworks.exe

Digital Signature

Signed by:

Interapptive, Inc.

Authority:

COMODO CA Limited

Valid from:

10/14/2015 8:00:00 PM

Valid to:

1/22/2016 6:59:59 PM

Subject:

CN="Interapptive, Inc.", O="Interapptive, Inc.", STREET=One Memorial Drive, STREET=Suite 2000, L=St. Louis, S=MO, PostalCode=63102, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A36510F38B56DEF53F5047C43BDD1F07

File PE Metadata

Compilation timestamp:

1/8/2016 11:24:26 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

48.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:6Mb434+FcgsnN8UA9hm+DgGS3sIToR1LjVoko6BqLR9D813Nu3TicG2e:/b4vUNe1V1LjVro6Id9D8dNXCe

Entry address:

0x3F9A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, 00, 00, 0C, 00, 00, 00, 9C, 3F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

4.9970

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

8 KB (8,192 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ShipWorksScheduler$C279B40EA1094DD6BFE98E612C606573

Command:

C:\Program Files\shipworks\shipworks.exe \s=scheduler

Scan ShipWorks.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.