» asterctl.exe
Overview
Analysis
File Details
Behaviors (1)

asterctl.exe

IBIK, LLC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘asterctl’.

File name:

asterctl.exe

Publisher:

IBIK, LLC (signed and verified)

MD5:

7a3b404c112a3bddb706366598721cc7

SHA-1:

b618d8461c282d213ce96dc0ac689504b8a4988f

SHA-256:

6746bead33848e6a8010a048a5d38eedb555645e1c39cc0e4690d66e94bf898d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 1:02:08 AM UTC (today)

File size:

5 MB (5,212,704 bytes)

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\aster-v7\asterctl.exe

Digital Signature

Signed by:

IBIK, LLC

Authority:

GlobalSign nv-sa

Valid from:

1/21/2015 1:24:01 AM

Valid to:

12/24/2015 4:51:37 AM

Subject:

CN="IBIK, LLC", O="IBIK, LLC", L=Moscow, S=Moscow, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ADABB91A18AFD9994701E1F62B5F1BAC

File PE Metadata

Compilation timestamp:

11/28/2015 6:52:50 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:SyBwxKrdGi3Ddi/PGcrhLK+ONs3Q9DOwRCdG:pBwxEDdi3GmZONsg9DOwRwG

Entry address:

0x81EF60

Entry point:

50, 51, 52, 53, 55, 56, 57, 41, 50, 41, 51, 41, 52, 41, 53, 41, 54, 41, 55, 41, 56, 41, 57, 48, 9C, 48, 81, EC, 08, 00, 00, 00, 0F, AE, 1C, 24, E8, 00, 00, 00, 00, 5D, 48, 81, ED, 29, 00, 00, 00, 48, 81, ED, 60, EF, 81, 00, E9, 4C, 00, 00, 00, 45, 4E, 49, 47, 4D, 41, 04, 00, DF, 07, 0B, 00, 1C, 00, 0E, 00, 37, 00, 00, 00, F7, 20, BE, 36, 54, 39, C2, 71, 4C, 86, 49, 01, FE, 7F, 21, 42, 3E, 7B, EC, 6D, 01, 00, 00, 00, E0, 77, DA, 3A, DB, A0, 2D, 02, 33, 4E, 9D, 3C, 77, 39, 9F, DB, D7, 88, 8A, DD, 02, 5C, 58... 
[+]

Entropy:

7.3474

Code size:

514.5 KB (526,848 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

asterctl

Command:

C:\Program Files\aster-v7\asterctl.exe -autostart

Scan asterctl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.