» donation_bar.exe
Overview
Analysis
File Details
Behaviors (1)

donation_bar.exe

Marc Skawran

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘donation_bar’.

File name:

donation_bar.exe

Publisher:

Marc Skawran (signed and verified)

MD5:

6334d604fca5089aea50d1f58db95e3e

SHA-1:

9383c0f1252b3359a5a5926eabc216536fb27dbc

SHA-256:

a9a92ea6456cfe57726a8f58fc742d562c14fcfe0e8b8b5b6f18e8a827b8f139

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 10:27:00 AM UTC (today)

File size:

331.5 KB (339,504 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Marc Skawran

Authority:

StartCom Ltd.

Valid from:

2/4/2014 7:23:08 AM

Valid to:

2/5/2016 3:22:40 PM

Subject:

E=m.skawran@networksys.org, CN=Marc Skawran, L=Tagum City, S=Davao del Norte, C=PH, Description=uwZYx59gN3N1gr77

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0CDB

File PE Metadata

Compilation timestamp:

2/22/2014 9:19:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

6144:V4nseJ6qC00stLUnaEmj+u+4+DTQ+NOhDhVhvcrcd9v8ZEcow8+kBp7H0OmTyNlC:Y5CVstJTQP99FKwBvl

Entry address:

0x12A0

Entry point:

55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, A0, 51, 41, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, BC, 51, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, B0, 51, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 10, 41, 00, E8, 2E, 84, 00, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 10, 41, 00, 89, 04, 24, E8, 21, 84, 00, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 40, 41, 00, C7, 04, 24, 00, 2F, 41, 00, FF, D0, 8B... 
[+]

Packer / compiler:

MingWin32

Code size:

41 KB (41,984 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

donation_bar

Command:

C:\users\{user}\documents\donation_bar\donation_bar.exe

Scan donation_bar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.