hyperdesktop.exe

Hyperdesktop

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Hyperdesktop’. The file has been seen being downloaded from www.programosy.pl and multiple other hosts.
Publisher:
Hyperdesktop

Product:
Hyperdesktop

Description:
Simple, fast screenshot sharing!

Version:
1.0.3.9

MD5:
44948758545b6e8fc8ee5de224fb10c1

SHA-1:
549ea7334e7639428a4d0adb16df6d80e890e898

SHA-256:
bfa6191d9a6ab78d742180c72446363cd203b5a3feb91895ed4ce669e87d69ec

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
10/15/2018 2:32:58 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

Bkav FE
HW32.CDB
1.3.0.4613

File size:
308.6 KB (316,000 bytes)

Product version:
1.0.3.9

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\hyperdesktop\hyperdesktop.exe

File PE Metadata
Compilation timestamp:
12/13/2012 1:14:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:A+EqBdWShIg+HIMPYWIDZrhazmZyk6M8rENKN2F6pVULUUQ:JjnhINInWihSGykf872F6peLDQ

Entry address:
0x1110

Entry point:
B8, 9C, 49, 4A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, C8, 8F, 3A, 77, 16, 09, 1A, 2F, B1, 8C, 1D, 8A, 32, 34, 8D, 68, A5, A7, 51, 29, DD, 9A, 14, D1, 22, 1A, 68, 99, 59, 9F, D8, DD, A7, 0E, 48, 2B, AE, 98, CB, D9, E9, 36, 66, C3, 50, D4, 54, 57, 57, AF, EE, ED, 17, 1D, EF, C0, DB, 61, 02, 6C, EE, 98, 46, E6, B1, 64, E7, AE, A3, 66, 8B, 5D, 19, 77, 0D, 36, AD, CB, 65, 11, 1E, EB, 9B, 10, 0A, D9, 5D, 82, EB, 99, D4, B1, B7...
 
[+]

Entropy:
7.9122

Packer / compiler:
PECompact v2

Code size:
75 KB (76,800 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Hyperdesktop

Command:
C:\users\{user}\appdata\roaming\hyperdesktop\hyperdesktop.exe


The file hyperdesktop.exe has been seen being distributed by the following 6 URLs.

Scan hyperdesktop.exe - Powered by Reason Core Security