asterctl.exe

IBIK, LLC

It is set to execute automatically when any user logs into Windows, through the local user run registry setting, under the name 'asterctl'.

Publisher:
IBIK, LLC  (signed and verified)

MD5:
ac11f4865e9a62f218d4984a879f167c

SHA-1:
fc4637988df4da1abd115e9f9e6d0bde9d175e5c

SHA-256:
8150d4de7439748143af3a66ef6eae1a6e8eefe582bd403d8165af4851ffb2ca

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:10:28 AM UTC  (today)

File size:
7.9 MB (8,309,448 bytes)

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aster\asterctl.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/5/2015 9:26:44 AM

Valid to:
1/23/2018 7:51:37 AM

Subject:
CN="IBIK, LLC", O="IBIK, LLC", L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D88E3D9EA407112D3BA4F31769DAB134

File PE Metadata
Compilation timestamp:
10/28/2016 12:04:24 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:aKWCvslQdXrFHIszAsKF7m2K7iSvdCBAVDYzhhhhhhhhhhhhhhhhh9yyyyyyyyyv:aZCvslQdp7zNKFa2ab0qysvPo2wW

Entry address:
0xBBB18C

Entry point:
EB, 08, 00, 06, 37, 00, 00, 00, 00, 00, 50, 51, 52, 53, 55, 56, 57, 41, 50, 41, 51, 41, 52, 41, 53, 41, 54, 41, 55, 41, 56, 41, 57, 48, 9C, 48, 81, EC, 08, 00, 00, 00, 0F, AE, 1C, 24, E8, 00, 00, 00, 00, 5D, 48, 81, ED, 33, 00, 00, 00, 48, 81, ED, 8C, B1, BB, 00, 48, 81, EC, 20, 00, 00, 00, E9, 04, 00, 00, 00, 52, 16, FF, 92, 48, C7, C0, 8C, B1, BB, 00, 48, 01, E8, 48, 81, C0, 84, 00, 00, 00, 48, C7, C1, 0E, 06, 00, 00, 48, C7, C2, 20, AA, 2D, C9, 30, 10, 48, FF, C0, 48, FF, C9, 0F, 85, F2, FF, FF, FF, E9...

Entropy:
6.8489

Code size:
1.8 MB (1,895,936 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
asterctl

Command:
C:\Program Files\aster\asterctl.exe -autostart
