home

mysticthumbs.exe

MysticThumbs

MysticCoder Pty Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MysticThumbs’.
Publisher:
MysticCoder  (signed by MysticCoder Pty Ltd)

Product:
MysticThumbs

Version:
4, 2, 0, 6562

MD5:
2b91e750ff85a8feba115000c3fdc03c

SHA-1:
4c62c8f363f869017c24ad2905786748e15e4a8b

SHA-256:
d6b83fbe9eca78e1e87faf6cb8eb06d3e19bcc7febfa4ec6a2bc233cccf25674

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/30/2024 8:59:35 PM UTC  (today)

File size:
17.7 MB (18,591,904 bytes)

Product version:
4.2.0.0

Copyright:
Copyright © 2016 MysticCoder Pty Ltd. mysticcoder.net

Original file name:
MysticThumbs.dll

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mysticcoder\mysticthumbs\mysticthumbs.exe

Digital Signature
Signed by:
MysticCoder Pty Ltd

Authority:
COMODO CA Limited

Valid from:
11/24/2014 8:00:00 AM

Valid to:
11/25/2019 7:59:59 AM

Subject:
CN=MysticCoder Pty Ltd, O=MysticCoder Pty Ltd, STREET=10/9 Newstead Avenue, L=Newstead, S=Queensland, PostalCode=4006, C=AU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1C3072D3693AB56BBE9F26A838895BE4

File PE Metadata
Compilation timestamp:
11/14/2016 2:16:01 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x814F0

Entry point:
E8, 16, 08, 00, 00, E9, 8E, FE, FF, FF, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, E4, 34, 4E, 00, E8, 51, 34, 00, 00, 83, C4, 0C, 68, E8, 88, 4B, 00, FF, 15, C0, 82, 4B, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, 04, 89, 4B, 00, 56, FF, 15, 2C, 81, 4B, 00, 68, 20, 89, 4B, 00, 56, 8B, D8, FF, 15, 2C, 81, 4B, 00, 68, 3C, 89, 4B, 00, 56, 8B, F8, FF, 15, 2C, 81, 4B, 00, 8B, F0, 85, DB, 74, 37, 85, FF, 74, 33, 85, F6, 74, 2F, 83, 25, 00, 35, 4E, 00, 00, 8B, CB, 68, FC, 34, 4E, 00, E8, 34, 07, 00, 00, FF...
 
[+]

Entropy:
6.8108

Code size:
728.5 KB (745,984 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MysticThumbs

Command:
C:\Program Files\mysticcoder\mysticthumbs\mysticthumbs.exe --restore-last-session


Scan mysticthumbs.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.