cursorhider.exe

Nikolay Kuznetsov

It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘CursorHider’.
Publisher:
Softexe.com (signed by Nikolay Kuznetsov)

Version:
1.6.0.5

MD5:
7d80e1072942139f7a0fa4c40d1bca49

SHA-1:
e7ee18cf3e194779a2060871e77316ed617e36db

SHA-256:
f9c124c821df98401b49c02e97fb2354091c6b6c928fb69e16b6e5a2d176b5f5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 3:20:27 AM UTC

File size:
544.7 KB (557,768 bytes)

Product version:
1.6.0

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Digital Signature
Authority:
StartCom Ltd.

Subject:
E=adasoft@gmail.com, CN=Nikolay Kuznetsov, L=Kostroma, S=Kostroma Oblast, C=RU, Description=4nYnxiuzB4w6gL2G

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0626

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:KjI/ockjxBwmCj9cB3/FbvVjnvcaeyrsDNmXgTDDqxPrzI1TT1e:KjI/oDwmGcBvpdjnLeyQ5zTDDSzI2

Entry address:
0x69334

Entry point:
55, 8B, EC, 83, C4, F0, 33, C0, 89, 45, F0, B8, AC, 91, 46, 00, E8, EB, C9, F9, FF, 33, C0, 55, 68, 3F, 95, 46, 00, 64, FF, 30, 64, 89, 20, 8D, 55, F0, B8, 01, 00, 00, 00, E8, 28, 95, F9, FF, 8B, 45, F0, BA, 54, 95, 46, 00, E8, 27, A9, F9, FF, 75, 1D, 8D, 45, F0, E8, 49, FC, FF, FF, 8B, 4D, F0, B8, 80, CB, 46, 00, 8B, 15, 40, AD, 46, 00, E8, 46, A8, F9, FF, EB, 1B, 8D, 45, F0, E8, F8, FC, FF, FF, 8B, 4D, F0, B8, 80, CB, 46, 00, 8B, 15, 40, AD, 46, 00, E8, 29, A8, F9, FF, 8D, 55, F0, B8, 01, 00, 00, 00, E8...

Entropy:
6.4067

Developed / compiled with:
Microsoft Visual C++

Code size:
417.5 KB (427,520 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CursorHider

Command:
C:\programes installed\cursor hider win 8\cursorhider.exe

