evocore.exe

SlipStream Engine

Research In Motion Limited

It is set to run automatically when any user logs in to Windows, through an entry named 'SlipStream' in the all-users Run registry key.
Publisher:
SlipStream Data Inc.  (signed by Research In Motion Limited)

Product:
SlipStream Engine

Description:
Accelerator Core Services

Version:
7.0.0

MD5:
b3d998836bd6158ac6fb513a19d951c8

SHA-1:
ab68102346abe0bcdc053b559f60e45f71ace243

SHA-256:
c1814edd866b05d989f516c0568784241d2d22be1b47cd0e3ceaf84cfb395389

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
9/25/2017 9:41:58 PM UTC

File size:
329.9 KB (337,832 bytes)

Product version:
7.0.7

Copyright:
Copyright (C) 2005

Original file name:
slipcore.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\sawa-evo\evocore.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/24/2011 2:00:00 AM

Valid to:
11/24/2012 1:59:59 AM

Subject:
CN=Research In Motion Limited, OU=IT - Service Delivery Automation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Research In Motion Limited, L=Waterloo, S=Ontario, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
42EB1DD25F4CA7E261B7E506412188F2

File PE Metadata
Compilation timestamp:
9/21/2011 3:27:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:cDDlLjJcn9YeXUj1XIXFn584trStEAmU4KoaESS2:cDDgnqeXUE5FtrSm1BSP

Entry address:
0x25D78

Entry point:
E8, D8, 8D, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 54, BC, 44, 00, 33, C5, 89, 85, A4, 02, 00, 00, F6, 05, 20, BD, 44, 00, 01, 56, 74, 08, 6A, 0A, E8, 6E, 13, 00, 00, 59, E8, 61, 8F, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 63, 8F, 00, 00...
 

Entropy:
6.4160

Code size:
216 KB (221,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SlipStream

Command:
"C:\Program Files\sawa-evo\evocore.exe"

