home

mysticthumbs.exe

MysticThumbs

MysticCoder Pty Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MysticThumbs’.
Publisher:
MysticCoder  (signed by MysticCoder Pty Ltd)

Product:
MysticThumbs

Version:
4, 2, 0, 6562

MD5:
d6fb2ef7929aed32d9df23688b26a663

SHA-1:
2c35a9a089158a82085817cd021156c030a99335

SHA-256:
81e0f82debeacf72cbe633db7d0117e06774c6dc845dc3ce1ff2e49fe08105d9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/30/2024 8:58:49 PM UTC  (today)

File size:
17.9 MB (18,791,584 bytes)

Product version:
4.2.0.0

Copyright:
Copyright © 2016 MysticCoder Pty Ltd. mysticcoder.net

Original file name:
MysticThumbs.dll

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mysticcoder\mysticthumbs\mysticthumbs.exe

Digital Signature
Signed by:
MysticCoder Pty Ltd

Authority:
COMODO CA Limited

Valid from:
11/23/2014 7:00:00 PM

Valid to:
11/24/2019 6:59:59 PM

Subject:
CN=MysticCoder Pty Ltd, O=MysticCoder Pty Ltd, STREET=10/9 Newstead Avenue, L=Newstead, S=Queensland, PostalCode=4006, C=AU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1C3072D3693AB56BBE9F26A838895BE4

File PE Metadata
Compilation timestamp:
11/14/2016 1:17:30 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
196608:TGppmQ5e+VDj+lRhJF5jnSBxZ2TsCvtS4v+MVlHArSFK8PZYRwrh6GVAjn:qL5Z5+ljMx2TsCvE42MVlHAy2RYh12z

Entry address:
0x8BAF8

Entry point:
48, 83, EC, 28, E8, 4F, 09, 00, 00, 48, 83, C4, 28, E9, 82, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 45, 33, C0, 48, 8D, 0D, DB, 70, 08, 00, BA, A0, 0F, 00, 00, E8, 31, 39, 00, 00, 48, 8D, 0D, 0A, F6, 03, 00, FF, 15, 7C, E7, 03, 00, 48, 8B, D8, 48, 85, C0, 0F, 84, CC, 00, 00, 00, 48, 8D, 15, 11, F6, 03, 00, 48, 8B, C8, FF, 15, 08, E7, 03, 00, 48, 8D, 15, 21, F6, 03, 00, 48, 8B, CB, 48, 8B, F0, FF, 15, F5, E6, 03, 00, 48, 8D, 15, 2E, F6, 03, 00, 48, 8B, CB, 48, 8B, F8...
 
[+]

Code size:
803 KB (822,272 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MysticThumbs

Command:
C:\Program Files\mysticcoder\mysticthumbs\mysticthumbs.exe


Scan mysticthumbs.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.