donation_bar.exe

Marc Skawran

It is registered under the name ‘donation_bar’ to execute automatically when any user logs into Windows (through the local user run registry setting).
Publisher:
Marc Skawran (signed and verified)

MD5:
0f473b809e89f9f782ec0bfcd83ae0f9

SHA-1:
c0aa171e7322262f92bd633295d6b684f859eeb0

SHA-256:
5d133e0fb2d64f17723a9591633e03cae69d93e0a676de15950dab753b02919d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 11:41:31 PM UTC

File size:
330.3 KB (338,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\donation_bar\donation_bar.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
2/4/2014 7:23:08 AM

Valid to:
2/5/2016 3:22:40 PM

Subject:
E=m.skawran@networksys.org, CN=Marc Skawran, L=Tagum City, S=Davao del Norte, C=PH, Description=uwZYx59gN3N1gr77

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0CDB

File PE Metadata
Compilation timestamp:
3/11/2013 3:52:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:dZqLDhiqCDCgLUnTUEmj+u+4+DTQ+NOhDhVhvcrcd9v8ZEcow8XkBp7H0OmTyNA8:yBCDCg+n2T8IFKwBb0

Entry address:
0x12A0

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 80, 51, 41, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 9C, 51, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 90, 51, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 10, 41, 00, E8, 36, 83, 00, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 10, 41, 00, 89, 04, 24, E8, 29, 83, 00, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 40, 41, 00, C7, 04, 24, E0, 2E, 41, 00, FF, D0, 8B...
Packer / compiler:
MingWin32

Code size:
40.5 KB (41,472 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
donation_bar

Command:
"C:\Program Files\donation_bar\donation_bar.exe"

