starckw.exe

Star Check Writer

Starre Enterprises, Inc.

The application starckw.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. While running, it connects to the Internet address sta.starre.com on port 80 using the HTTP protocol.
Publisher:
Starre Enterprises, Inc.

Product:
Star Check Writer

Version:
4.3.0.0

MD5:
63be014802d72a0718aee0e4dae257e1

SHA-1:
412da04b0cf265f22936f8af13e939dbc16c9526

SHA-256:
36d8622d1e8c85c2dd17f5b52f54b147823156985c9fba0edab5156055ea9164

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/24/2024 8:55:21 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Detection.Undefined | 7.0.302.0
F-Secure | Adware.BrowseFox.EI | 5.05.7110

File size:
5.6 MB (5,836,800 bytes)

Product version:
4.30

Copyright:
Starre Enterprises, Inc. (c) 2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\star check writer\starckw.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
98304:aruL8Y4Iuf1Dm+oL+qs9g+7yBloC7En+Bs0YyH2aU:ch3f1DhQAfyBVEneC

Entry address:
0x80A900

Entry point:
55, 8B, EC, 6A, FF, 68, A0, 5A, C2, 00, 68, D8, A5, C0, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 78, 01, C2, 00, 33, D2, 8A, D4, 89, 15, E0, 6C, C2, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 6C, C2, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 6C, C2, 00, C1, E8, 10, A3, D4, 6C, C2, 00, 33, F6, 56, E8, 6B, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 36, 13, 00, 00, FF, 15, 74, 00, C2, 00, A3, E4, 82, C2, 00, E8...
 

Entropy:
7.7244

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
244 KB (249,856 bytes)

The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to sta.starre.com  (216.172.190.216:80)
