» desktopyapp.exe
Overview
Analysis
File Details

desktopyapp.exe

desktopyapp Module

TRIORIS LLC

The file desktopyapp.exe, “Desktopy.ru wallpaper saver” by TRIORIS has been detected as a potentially unwanted program by 7 anti-malware scanners.

File name:

desktopyapp.exe

Publisher:

Trioris LLC (email: serg@trioris.net) (signed by TRIORIS LLC)

Product:

desktopyapp Module

Description:

Desktopy.ru wallpaper saver

Version:

1.0.0.2

MD5:

b2c6d40760a8c6bd1ab3396152718bd5

SHA-1:

2c5df255cc1ef1baf6aa24b69dcfffb0fd5f8480

SHA-256:

16137eb2887a07bb0c2697f5e1e405e3cd53e51a1ff0c2f23b8612f5f4db706e

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 10:26:53 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-gen [Adw]

160209-2

AVG

Adware Generic5.CCHU

2015.0.4477

Dr.Web

Trojan.Triosir.261

9.0.1.05190

ESET NOD32

Win32/AdWare.Trioris.A application

7.0.302.0

McAfee

Virus.W32/HLLP.41472

18.0.204.0

Norman

Gen:Variant.Adware.Strictor.62256

03.12.2014 13:20:04

Reason Heuristics

Win32.Generic

16.2.10.23

File size:

1.3 MB (1,336,776 bytes)

Product version:

1.0.0.2

Trioris LLC (email: serg@trioris.net)

Original file name:

desktopyapp.exe

Common path:

C:\users\{user}\desktopy.ru\trz94ee.tmp

Digital Signature

Signed by:

TRIORIS LLC

Authority:

COMODO CA Limited

Valid from:

3/27/2013 12:00:00 AM

Valid to:

3/26/2016 11:59:59 PM

Subject:

CN=TRIORIS LLC, O=TRIORIS LLC, STREET="Griboedova str., 34, 5", L=Novosibirsk, S=Novosibirsk region, PostalCode=630000, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DDE431469F44EE01CD42B3680AB9990D

File PE Metadata

Compilation timestamp:

4/24/2014 10:25:12 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:gyGRgBmOlwYT7RvzTY5f31MTBWF+bNFZAIzjTNxDQeidH+eExiYvxoxJ:g5gBmMzT7RvzTiGTLZ/rNxDQeidH+eEG

Entry address:

0x67A34

Entry point:

E8, AC, B6, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 50, 2C, 4A, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 20, 12, 48, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89... 
[+]

Code size:

510.5 KB (522,752 bytes)

Remove desktopyapp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.