» sr.exe
Overview
Analysis
File Details
Behaviors (1)

sr.exe

SlickRun

Eric Lawrence

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SlickRun’.

File name:

sr.exe

Publisher:

Bayden Systems (signed by Eric Lawrence)

Product:

SlickRun

Description:

SlickRun Command Line Utility

Version:

4.3.3.2

MD5:

6889048c0ed3cd23f5a4d0bc73b5cbbf

SHA-1:

9a0785e1fcc6da828cbef34a799673e73a41e0f7

SHA-256:

a61e128d07e569e44f38a9ec1f73270bb751272aaca7afc421e69c77adc860b8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 3:37:50 PM UTC (today)

File size:

4 MB (4,212,368 bytes)

Product version:

4.3.3.2

Original file name:

sr.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\slickrun\sr.exe

Digital Signature

Signed by:

Eric Lawrence

Authority:

DigiCert Inc

Valid from:

1/23/2015 5:30:00 AM

Valid to:

1/31/2018 5:30:00 PM

Subject:

CN=Eric Lawrence, O=Eric Lawrence, L=Austin, S=Texas, C=US

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0E7A7FDB64012964951C890FFCF23C10

File PE Metadata

Compilation timestamp:

8/8/2016 5:55:35 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:Yv54S0BZUgYG/BRRACV9SUx1dfmRmmjaIk1m:KwN/mxk8

Entry address:

0x36FD70

Entry point:

55, 48, 83, EC, 20, 48, 8B, EC, 90, 48, 8D, 0D, B8, 29, FF, FF, E8, 7B, 69, CA, FF, 48, 8B, 05, F4, 81, 04, 00, 48, 8B, 08, E8, BC, 59, F9, FF, 48, 8B, 05, E5, 81, 04, 00, 48, 8B, 08, 48, 33, D2, E8, 8A, 86, F9, FF, 48, 8B, 05, D3, 81, 04, 00, 48, 8B, 08, 48, 8D, 15, B5, 00, 00, 00, E8, E4, 50, F9, FF, E8, 8F, 28, FF, FF, 84, C0, 75, 64, 48, 8B, 0D, EC, 21, FB, FF, B2, 01, E8, 4D, 39, FB, FF, 48, 8B, 0D, 2E, 87, 04, 00, 48, 89, 01, 48, 8B, 05, 9C, 81, 04, 00, 48, 8B, 08, 48, 8B, 15, 92, CA, FE, FF, 4C, 8B... 
[+]

Entropy:

5.8478

Code size:

3.4 MB (3,600,384 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SlickRun

Command:

"C:\Program Files\slickrun\sr.exe"

Scan sr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.