home

ExSync.exe

Exclaimer Outlook Settings Update Client (Loader)

Exclaimer Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Exclaimer’.
Publisher:
Exclaimer Ltd  (signed and verified)

Product:
Exclaimer Outlook Settings Update Client (Loader)

Version:
2.0.40927.1

MD5:
bbb66c08ad5a61a690affc7858477ebe

SHA-1:
8a9279e6f6d2b79f8003c69d42b0f0658e733cd2

SHA-256:
fe1f62b0d5f21aad27036cf76c9f4f833cfa0f12ab2d6acb9f1229a099033cf2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 1:06:33 PM UTC  (today)

File size:
7.5 MB (7,820,432 bytes)

Product version:
2.0.40927.1

Copyright:
Copyright © 2001-2011 Exclaimer Ltd. All rights reserved.

Original file name:
ExSync.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\exsig\exsync.exe

Digital Signature
Signed by:
Exclaimer Ltd

Authority:
Thawte, Inc.

Valid from:
3/6/2011 7:00:00 PM

Valid to:
3/14/2013 7:59:59 PM

Subject:
CN=Exclaimer Ltd, OU=SECURE APPLICATION DEVELOPMENT, O=Exclaimer Ltd, L=Farnborough, S=Hampshire, C=GB

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
502C57F182A2F753B3CD2EEFEE1A7523

File PE Metadata
Compilation timestamp:
9/27/2011 11:45:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:nrpoDrDGmadZMlzXz3REo49c8ousSa6BrDlXY/U:dSDGmaybR749cEVXY

Entry address:
0xF0A17

Entry point:
E8, 1C, 69, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 1C, 92, 55, 00, 75, 02, F3, C3, E9, A3, 69, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, E3, 0D, 00, 00, 6A, 16, 5E, 89, 30, E8, 0D, 6C, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, EF, 42, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, BD, 12, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 99, 0D, 00, 00, 6A...
 
[+]

Entropy:
6.5056

Code size:
1.1 MB (1,124,352 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Exclaimer

Command:
"C:\Program Files\exsig\exsync.exe"


Scan ExSync.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.