» mdslr.exe
Overview
Analysis
File Details
Behaviors (1)

mdslr.exe

MD5Qt Schedule

Sigbert Engelhardt

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Office-SIScheduler’.

File name:

mdslr.exe

Publisher:

SE-CS (signed by Sigbert Engelhardt)

Product:

MD5Qt Schedule

Description:

Scheduler für Auftragsbearbeitung

Version:

2.0.0.1

MD5:

c187e491d644da64d589aa3a6e84c381

SHA-1:

19332618e4515164cc9722f0d20e382d5df668b0

SHA-256:

2c62645a3a417ba70b89cb39e0d66634748c4230b8d5c2538e44dbc336c8fe77

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/7/2024 11:34:20 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Sality.AT

7.11.30.172

File size:

1.2 MB (1,224,848 bytes)

Product version:

Sigbert Engelhardt / Katzhagen 8 / 37337 Hundeshagen / Germany

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Digital Signature

Signed by:

Sigbert Engelhardt

Authority:

COMODO CA Limited

Valid from:

8/25/2014 2:00:00 AM

Valid to:

8/25/2016 1:59:59 AM

Subject:

CN=Sigbert Engelhardt, O=Sigbert Engelhardt, STREET=Katzhagen 8, L=Hundeshagen, S=Thüringen, PostalCode=37339, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

44B32E3B2BF4662282AB4F687F26C63B

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:RdKI/LzrqMc42+96TpO08aNTziK5gwK+M+TyHIPFQ7i5:TK4LvV2w6ZNBKp/Cmi5

Entry address:

0xC9778

Entry point:

55, 8B, EC, 83, C4, F4, 53, B8, 38, 93, 4C, 00, E8, 13, D7, F3, FF, A1, D8, C0, 4C, 00, 8B, 00, E8, 93, 07, F8, FF, E8, BA, 48, FE, FF, 68, 08, 98, 4C, 00, 6A, FF, 6A, 00, E8, B8, D7, F3, FF, 8B, D8, 85, DB, 74, 54, E8, A5, D8, F3, FF, 85, C0, 75, 4B, A1, D8, C0, 4C, 00, 8B, 00, E8, 65, 07, F8, FF, A1, D8, C0, 4C, 00, 8B, 00, BA, 38, 98, 4C, 00, E8, 78, 03, F8, FF, 8B, 0D, 24, BE, 4C, 00, A1, D8, C0, 4C, 00, 8B, 00, 8B, 15, 90, DB, 4B, 00, E8, 54, 07, F8, FF, A1, D8, C0, 4C, 00, 8B, 00, E8, C8, 07, F8, FF... 
[+]

Entropy:

6.3400

Developed / compiled with:

Microsoft Visual C++

Code size:

802.5 KB (821,760 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Office-SIScheduler

Command:

"C:\office-si\mdslr.exe"

Scan mdslr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.