» safestick.exe
Overview
Analysis
File Details
Behaviors (1)

safestick.exe

BlockMaster AB

It runs as a scheduled task under the Windows Task Scheduler.

File name:

safestick.exe

Publisher:

BlockMaster AB (signed and verified)

MD5:

47fad7f4122dd9e66ad23db22b9f61e2

SHA-1:

4559f1d3db878d4d7b393a807529f0dfca10d58b

SHA-256:

ec2ea09f99b3ef457d742da8245a08051a7868f9aac23f5c90f68ec9efe9e35a

Scanner detections:

6 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/2/2024 8:47:08 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Symmi.5596

121

Arcabit

Trojan.Symmi.D15DC

1.0.0.425

Bitdefender

Gen:Variant.Symmi.5596

1.0.20.1395

Emsisoft Anti-Malware

Gen:Variant.Symmi.5596

8.16.10.05.01

G Data

Gen:Variant.Symmi.5596

16.10.25

MicroWorld eScan

Gen:Variant.Symmi.5596

17.0.0.837

File size:

4.7 MB (4,880,264 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Digital Signature

Signed by:

BlockMaster AB

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

11/19/2008 12:00:00 AM

Valid to:

12/5/2010 11:59:59 PM

Subject:

CN=BlockMaster AB, OU=SECURE APPLICATION DEVELOPMENT, O=BlockMaster AB, L=Lund, S=Lund, C=SE

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

550E1891F0F6EBA4ACD949D07B5E5E0E

File PE Metadata

Compilation timestamp:

2/4/2010 5:58:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:mrS5bhAOUO5Rgz1vnLO+A5t7piaEc8K7xgwl1gMJlp8H3TYmRJf12+BBD9:mrsbhAegzJnPyt7EaEcVKwZmDAmBD9

Entry address:

0x12D3

Entry point:

55, 8B, EC, 6A, FF, 68, 00, 00, 00, 00, 68, 00, 00, 00, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 53, 68, A1, FB, E4, C4, E8, 5A, FF, FF, FF, 52, E8, 5E, FF, FF, FF, 53, 68, 8C, E0, 0A, 0B, 52, E8, 5B, FF, FF, FF, 52, E8, 16, FF, FF, FF, FF, 75, 00, 5E, E8, 1D, FF, FF, FF, 52, 68, 7B, 22, 20, 0F, 51, E8, 09, FF, FF, FF, 68, 9E, B5, D0, 2C, 68, 65, 20, D3, 67, 68, 80, D6, EC, CA, E8, 1C, FF, FF, FF, 55, 51, 68, DF, D7, 6C, DA, 51, E8, 79, FF, FF, FF, 68, 13, 13, 40, 00, 39, CD, 73, 01, C3... 
[+]

Entropy:

7.0395

Developed / compiled with:

Microsoft Visual C++

Code size:

2.4 MB (2,567,680 bytes)

Scheduled Task

Task name:

{5D125031-D20C-41E2-8DC2-1380EB2A3417}

Trigger:

Registration (Runs on registration)

Scan safestick.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.