» VisualStyler.exe
Overview
Analysis
File Details
Behaviors (1)

VisualStyler.exe

VisualStyler

SuperEasy Software GmbH & Co. KG

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Visual Styler’.

File name:

VisualStyler.exe

Publisher:

Ashampoo GmbH & Co. KG (signed by SuperEasy Software GmbH & Co. KG)

Product:

VisualStyler

Version:

1.0.0.0

MD5:

6f77b722204cadd83c42e8eceeed0bd3

SHA-1:

5d700bcb288c9cc4402c95282d3d0a265bbd0461

SHA-256:

09722a9378bfc2455ac5a51076e562b524bde9325f0e8f8ac32a3ed6d14b5fa7

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/27/2024 3:03:09 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Detection.Undefined

9.0.1.05190

File size:

4.4 MB (4,608,304 bytes)

Product version:

1.0.0.0

2007 Ashampoo GmbH & Co. KG

Original file name:

VisualStyler.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\jungle\vistaturbo\visualstyler.exe

Digital Signature

Signed by:

SuperEasy Software GmbH & Co. KG

Authority:

VeriSign, Inc.

Valid from:

1/28/2008 9:00:00 AM

Valid to:

1/28/2009 8:59:59 AM

Subject:

CN=SuperEasy Software GmbH & Co. KG, OU=www.supereasy.de, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SuperEasy Software GmbH & Co. KG, L=Dortmund, S=NRW, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4ED981DD1FE22828FEA21D08351C523E

File PE Metadata

Compilation timestamp:

10/21/2008 1:35:56 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:SHxyJVFEGsJhawIgYIOExoaNTwkLJ1zuloUfeXK0ap2O66Bk/QA19A:SH0JVn6haRgWExoaZF1KloUsHjO6sK9A

Entry address:

0x1A5AB0

Entry point:

55, 8B, EC, 83, C4, E0, 53, 56, 57, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, D4, 28, 5A, 00, E8, CF, 19, E6, FF, 33, C0, 55, 68, A8, 5C, 5A, 00, 64, FF, 30, 64, 89, 20, A1, C8, FD, 5A, 00, 8B, 00, E8, 4D, 5F, EA, FF, E8, 20, 39, F8, FF, A1, C8, FD, 5A, 00, 8B, 00, BA, C0, 5C, 5A, 00, E8, EF, 59, EA, FF, A1, 5C, FE, 5A, 00, BA, D4, 5C, 5A, 00, E8, 88, FB, E5, FF, A1, 80, FD, 5A, 00, BA, F8, 5C, 5A, 00, E8, 95, F3, E5, FF, 8B, 15, 80, FD, 5A, 00, 8B, 12, A1, C0, FA, 5A, 00, B9, 20, 5D, 5A... 
[+]

Entropy:

7.0473

Developed / compiled with:

Microsoft Visual C++

Code size:

1.6 MB (1,720,832 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Visual Styler

Command:

"C:\Program Files\jungle\vistaturbo\visualstyler.exe" -tray

Scan VisualStyler.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.