home

slack.exe

Slack Desktop

Slack Technologies Inc.

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘slack’. The file has been seen being downloaded from goodmediateam.slack.com and multiple other hosts.
Publisher:
Slack Technologies  (signed by Slack Technologies Inc.)

Product:
Slack Desktop

Version:
1.2.2

MD5:
a2eeedf797796ee298980f49416aa26b

SHA-1:
f81101c1d5cf3ab830b70fd06a89007164ab69e3

SHA-256:
f5991f6546a377f6e749b49b6af031121d7958c8371063a8abe02e5072bd9083

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 1:07:30 PM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.RDM.07!5.D[F1]
23.00.65.15923

File size:
57.5 MB (60,334,008 bytes)

Product version:
1.2.2

Copyright:
Copyright 2015 Slack Technologies

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\squirrelmachineinstalls\slack.exe

Digital Signature
Signed by:
Slack Technologies Inc.

Authority:
StartCom Ltd.

Valid from:
9/14/2015 6:14:30 AM

Valid to:
9/14/2017 10:15:16 AM

Subject:
E=certmaster@slack-corp.com, CN=Slack Technologies Inc., O=Slack Technologies Inc., L=San Francisco, S=California, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
12E0938F5DE4BE

File PE Metadata
Compilation timestamp:
9/8/2015 3:39:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1572864:vQ2irYe5WpBOw0mq3ESwZ3n9CCSB9x53ic3K9CA:42iYehmoESkXS/x5t69R

Entry address:
0xAD5E

Entry point:
E8, 48, 66, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 44, 99, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 04, 84, 42, 00, 01, 0F, 82, 7F, 67, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Entropy:
7.9979  (probably packed)

Code size:
109.5 KB (112,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
slack

Command:
C:\ProgramData\squirrelmachineinstalls\slack.exe --checkinstall


The file slack.exe has been seen being distributed by the following 14 URLs.

https://goodmediateam.slack.com/.../download-win

https://rebelone.slack.com/.../download-win

https://goforexpro.slack.com/.../download-win

https://tbc10.slack.com/.../download-win

https://whfn.slack.com/.../download-win

https://fringe81.slack.com/.../download-win

https://ksysegypt.slack.com/.../download-win

https://mastereidi.slack.com/.../download-win

https://rodriteam.slack.com/.../download-win

https://iuic.slack.com/.../download-win

https://slack-ssb-updates.global.ssl.fastly.net/.../SlackSetup.exe

https://ebarcarhab.slack.com/.../download-win

https://slack.com/.../download-win

https://arfandan.slack.com/.../download-win

Scan slack.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.