» Eraser.EXE
Overview
Analysis
File Details
Behaviors (1)

Eraser.EXE

Eraser

Joel Low

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Eraser’.

File name:

Eraser.EXE

Publisher:

The Eraser Project (signed by Joel Low)

Product:

Eraser

Description:

Eraser.

Version:

5.8.8-beta1

MD5:

c51ccf4d08cad1afba2a588b62a754f3

SHA-1:

7f0ef23afc5788ba4ba8391565587bd22225c391

SHA-256:

9a8dd8b055f679ecf0567b6e2764931c848ca8f06f1c42cf720a30e95760d3c2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 5:24:05 AM UTC (today)

File size:

452.4 KB (463,248 bytes)

Product version:

5.8.8-beta1

Original file name:

Eraser.EXE

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\eraser\eraser.exe

Digital Signature

Signed by:

Joel Low

Authority:

Unizeto Technologies S.A.

Valid from:

6/5/2009 3:41:06 PM

Valid to:

6/5/2010 3:41:06 PM

Subject:

E=joel@joelsplace.sg, CN=Joel Low, OU=Unizeto (r) Personal Certificates, O=Open Source Developer, C=SG

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

049EEB

File PE Metadata

Compilation timestamp:

7/6/2009 5:28:46 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:JC9YKRFCOKCHObSXwHMIpTnSaJZymHPwPDZh5DKKu7C3kTJ7tO8oeP1Wfru5IP1:vmHJAgcC3kTQuW

Entry address:

0x31040

Entry point:

48, 83, EC, 28, E8, DB, 03, 00, 00, 48, 83, C4, 28, E9, F6, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, B9, 0F, 03, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 49, 04, 00, 00, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, 8C, 05, 00, 00, BA, 18, 00, 00, 00, E8, 52, 01, 00, 00, 40, F6... 
[+]

Code size:

232.5 KB (238,080 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Eraser

Command:

C:\Program Files\eraser\eraser.exe -hide

Scan Eraser.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.