» rubber ducky.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

rubber ducky.exe

MimarSinan International

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MimarSinan Rubber Ducky Update Setup for All Users’. This is installed with MimarSinan Rubber Ducky.

File name:

rubber ducky.exe

Publisher:

MimarSinan International (signed by MimarSinan International)

Description:

Rubber Ducky Installation

Version:

1.11

MD5:

b81badfd1a6561f492d105934a1ef165

SHA-1:

499aef53688b09ab40d739d0c30c3a43c841bc59

SHA-256:

7f4c75f2b568f67b7b094eb4876ede67149510f608363011609f49c30a7aeba5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

8/25/2025 4:28:26 PM UTC (today)

File size:

2.3 MB (2,434,944 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\{c357ff4b-bb69-4dc2-9869-55f052974da8}\rubber ducky.exe

Digital Signature

Signed by:

MimarSinan International

Authority:

The USERTRUST Network

Valid from:

10/9/2005 5:00:00 PM

Valid to:

10/10/2006 4:59:59 PM

Subject:

CN=MimarSinan International, O=MimarSinan International, STREET=MeSa Koru Sitesi Lale Blok No: 72, L=Ankara, S=Cayyolu, PostalCode=06810, C=TR

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00EBA7EF5FE1A889C51F39A48B9483D357

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:B0jGw/MXnYBVBf7TVz6o1ohrDYge941Ni3jr6S0T69gASARGKLVCkS68+ynwv8JI:BNnINWXIvj0qgxAR1VtSn+Sw6pvL7Uz

Entry address:

0x1B39E4

Entry point:

55, 8B, EC, B9, 23, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 8C, 32, 5B, 00, E8, 17, 43, E5, FF, BE, 1C, 48, 5C, 00, 33, C0, 55, 68, B2, 4F, 5B, 00, 64, FF, 30, 64, 89, 20, E8, 3F, 48, E5, FF, BA, 01, 00, 00, 00, E8, 11, 3F, EF, FF, A1, B8, F0, 5B, 00, E8, 17, 1A, E5, FF, 8D, 55, E0, 33, C0, E8, D9, F8, E5, FF, 8B, 45, E0, 8D, 55, E4, E8, CA, 8E, E5, FF, 8B, 45, E4, 8D, 55, E8, E8, 4F, F1, FF, FF, 8B, 55, E8, B8, F4, 49, 5C, 00, E8, 3E, 1A, E5, FF, 8D, 55, D8, 33, C0, E8, AC, F8, E5, FF... 
[+]

Entropy:

6.4644

Developed / compiled with:

Microsoft Visual C++

Code size:

1.7 MB (1,786,880 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MimarSinan Rubber Ducky Update Setup for All Users

Command:

C:\ProgramData\{c357ff4b-bb69-4dc2-9869-55f052974da8}\rubber ducky.exe \updatesetup

The file rubber ducky.exe has been discovered within the following program.

MimarSinan Rubber Ducky by MimarSinan

About 5% of users remove it

Scan rubber ducky.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.