64fsnl52.exe

File Scavenger

QueTek Consulting Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from www.nl.quetek.com.
Publisher:
QueTek Consulting Corporation  (signed and verified)

Product:
File Scavenger

Description:
File Scavenger (R) - Premium data recovery tool

Version:
5.1.3.0

MD5:
5cf015edd8b2b573a710b1509b8de497

SHA-1:
a748a16045f3bcea77eaea3c5864da73a799da9f

SHA-256:
15e2dfa0839f1fb5175ac8071a8a9912a2ac0b52c5c6d5cad53d832e6002d3a6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 7:54:34 PM UTC  (today)

File size:
4.5 MB (4,725,312 bytes)

Product version:
5.1.3.0

Copyright:
Copyrights (c) 1998-2015 QueTek Consulting Corporation. All rights reserved.

Trademarks:
File Scavenger

Original file name:
FileScav.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\64fsnl52.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/2/2015 1:00:00 AM

Valid to:
11/4/2016 12:59:59 AM

Subject:
CN=QueTek Consulting Corporation, OU=SALES, O=QueTek Consulting Corporation, L=Houston, S=Texas, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4104787EF6EF6B6FABBF062883271464

File PE Metadata
Compilation timestamp:
4/1/2016 2:20:57 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:3R7qLFfOJ+pC2mt8b/VMo1n7u9ZmsU1S4oMe1SN9BtgoS6Rl2mYeaalMyPyiNxNL:R3ptjg00nxlMyPyM/Bm1EGKB/jPP

Entry address:
0x277138

Entry point:
48, 83, EC, 28, E8, 87, EB, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 4D, 85, C9, 75, 04, 33, C0, EB, 56, 48, 85, C9, 75, 15, E8, 25, 4B, 00, 00, BB, 16, 00, 00, 00, 89, 18, E8, FD, F4, 00, 00, 8B, C3, EB, 3C, 4D, 85, C0, 74, 12, 48, 3B, D3, 72, 0D, 4C, 8B, C3, 48, 8B, D6, E8, F4, 10, 00, 00, EB, CB, 4C, 8B, C2, 33, D2, E8, 68, 16, 00, 00, 48, 85, F6, 74, C5, 48, 3B, FB, 73, 0C, E8, E5, 4A, 00, 00, BB...
 
[+]

Code size:
2.7 MB (2,808,320 bytes)

The file 64fsnl52.exe has been seen being distributed by the following URL.

http://www.nl.quetek.com/.../64fsnl52.exe

Scan 64fsnl52.exe - Powered by Reason Core Security