desktopdockapp.exe

Desktop Dock

The application desktopdockapp.exe by Desktop Dock has been detected as a potentially unwanted program by 8 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DesktopDock’. While running, it connects to the Internet address server-54-230-37-216.jfk1.r.cloudfront.net on port 443.
Publisher:
Desktop Dock  (signed and verified)

Version:
1.0.2.19

MD5:
c374d2c0f406901725546846967df5ed

SHA-1:
8d846fd58a8b6f501e96f3ec49b653b8c12e7c53

SHA-256:
935fb108d5860c48ee1e7e1f97fbe29ff09cd1328c702ce79ff7656900d8ad0e

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 2:47:58 PM UTC

Scan engine              Detection                                       Engine version
Avira AntiVirus          ADWARE/Adware.Gen7                              7.11.213.100
ESET NOD32               Win32/Verti.K potentially unwanted (variant)    9.11265
Fortinet FortiGate       Riskware/Verti                                  3/10/2015
K7 AntiVirus             Trojan                                          13.200.15150
McAfee                   Artemis!C374D2C0F406                            5600.6830
Reason Heuristics        PUP.Startup.DesktopDock                         15.3.10.13
Sophos                   Generic PUA IN                                  4.98
Trend Micro House Call   Suspicious_GEN.F47V0227                         7.2.69

File size:
1.5 MB (1,528,344 bytes)

Product version:
1.0.2.19

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\desktop dock\desktopdockapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/8/2014 8:00:00 PM

Valid to:
5/8/2016 7:59:59 PM

Subject:
CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
72D187E754B89EF452FF82C8A9DE9B

File PE Metadata
Compilation timestamp:
2/26/2015 11:09:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:89SUuW4tPHx7q3sIEbA/pRkiV58AHZPbTSIBwSIgPx3y0yULlOhO1iM/OkDQShDw:qR74xAN58A5PPkgaIaShDhlzg

Entry address:
0x4C0D5

Entry point:
E8, E0, C6, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, 92, 53, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, B9, A1, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, A7, C3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...

Entropy:
5.9555

Code size:
946.5 KB (969,216 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DesktopDock

Command:
"C:\Program Files\desktop dock\desktopdockapp.exe"


The executing file has been seen to make the following network communications in live environments.


Remove desktopdockapp.exe - Powered by Reason Core Security