» tk8stickynotes.exe
Overview
Analysis
File Details
Behaviors (1)

tk8stickynotes.exe

B & M Konsultatsioonid Inc

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘TK8 StickyNotes’.

File name:

tk8stickynotes.exe

Publisher:

B & M Konsultatsioonid Inc (signed and verified)

MD5:

f293ec3e2376c9fd84f0ac36abe0feb2

SHA-1:

1371b01492251dd1e636f2b223e5b1e3df102f98

SHA-256:

492ad8b38e7ce86aa1bed0c2cc92a7f994f63a855293568fa4d5516074484582

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 11:20:03 PM UTC (a few moments ago)

File size:

9.9 MB (10,350,384 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\tk8 stickynotes\tk8stickynotes.exe

Digital Signature

Signed by:

B & M Konsultatsioonid Inc

Authority:

The USERTRUST Network

Valid from:

12/8/2010 7:00:00 AM

Valid to:

12/8/2012 6:59:59 AM

Subject:

CN=B & M Konsultatsioonid Inc, O=B & M Konsultatsioonid Inc, STREET=Hargla side, L=Taheva v., S=Valgamaa, PostalCode=68001, C=EE

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

04A9CDDF0121D253346CD40D7B98845F

File PE Metadata

Compilation timestamp:

2/7/2012 6:09:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:PbWQ3UowX/kT16N5zWcRRBwGOkZniZ4klNLSs85JJERr1kOfBMnjkvD9u9/kUdAB:PbBbC/ki5PRRBwGOkdSHL2reRJB2ZMrd

Entry address:

0x5BDA38

Entry point:

55, 8B, EC, 83, C4, F0, 53, 56, B8, C8, 70, 9B, 00, E8, 86, A4, A4, FF, 8B, 35, A0, 0F, 9E, 00, 8B, 06, E8, E9, FE, AC, FF, 8B, 06, 33, D2, E8, C8, 1D, AD, FF, 8B, 06, C6, 40, 5B, 00, 8B, 06, BA, 48, DB, 9B, 00, E8, 86, F9, AC, FF, 68, 58, DB, 9B, 00, 6A, FF, 6A, 00, E8, B8, A7, A4, FF, 8B, D8, 85, DB, 74, 0C, E8, 55, A9, A4, FF, 3D, B7, 00, 00, 00, 75, 25, 6A, 00, 68, 6C, DB, 9B, 00, E8, D2, B2, A4, FF, 85, C0, 0F, 86, 8A, 00, 00, 00, 6A, 00, 6A, 00, 68, 37, 80, 00, 00, 50, E8, 73, B6, A4, FF, EB, 79, 8B... 
[+]

Entropy:

6.8937

Developed / compiled with:

Microsoft Visual C++

Code size:

5.7 MB (6,012,928 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TK8 StickyNotes

Command:

"C:\Program Files\tk8 stickynotes\tk8stickynotes.exe"

Scan tk8stickynotes.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.