64fsu51.exe

File Scavenger

QueTek Consulting Corporation

Publisher:
QueTek Consulting Corporation  (signed and verified)

Product:
File Scavenger

Description:
File Scavenger (R) - Premium data recovery tool

Version:
5.1.3.0

MD5:
805c4fe2f30524f1b2502309c7b917b5

SHA-1:
1c5224c412b162d6695e7c4dadae6810989bb0f9

SHA-256:
7709d9f0d126ea5f2f8c3c9e83de72aa0b2c57bbb4e3630a2a5f41732ae279a5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 7:42:46 PM UTC  (today)

File size:
4.6 MB (4,837,440 bytes)

Product version:
5.1.3.0

Copyright:
Copyrights (c) 1998-2015 QueTek Consulting Corporation. All rights reserved.

Trademarks:
File Scavenger

Original file name:
FileScav.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\64fsu51.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/2/2015 12:00:00 AM

Valid to:
11/3/2016 11:59:59 PM

Subject:
CN=QueTek Consulting Corporation, OU=SALES, O=QueTek Consulting Corporation, L=Houston, S=Texas, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4104787EF6EF6B6FABBF062883271464

File PE Metadata
Compilation timestamp:
11/17/2015 10:18:28 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:tnYSkAOpqh4p7Sh0EjgiJ03JWQfvGM0Vh4I/mZ864zIzwSLYsDJPnVmIM50uzmol:WHVeeAK8EJBfqzmoBLbY3cvxC2

Entry address:
0x275718

Entry point:
48, 83, EC, 28, E8, 87, EB, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, D9, 49, 8B, F0, 48, 8B, FA, 4D, 85, C9, 75, 04, 33, C0, EB, 56, 48, 85, C9, 75, 15, E8, 25, 4B, 00, 00, BB, 16, 00, 00, 00, 89, 18, E8, FD, F4, 00, 00, 8B, C3, EB, 3C, 4D, 85, C0, 74, 12, 48, 3B, D3, 72, 0D, 4C, 8B, C3, 48, 8B, D6, E8, F4, 10, 00, 00, EB, CB, 4C, 8B, C2, 33, D2, E8, 68, 16, 00, 00, 48, 85, F6, 74, C5, 48, 3B, FB, 73, 0C, E8, E5, 4A, 00, 00, BB...
 
[+]

Entropy:
6.4564

Code size:
2.7 MB (2,801,664 bytes)

The file 64fsu51.exe has been seen being distributed by the following URL.

Scan 64fsu51.exe - Powered by Reason Core Security