Able2Extract.PrnDisp.exe

Able2Extract

Investintech.com Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Able2Extract 10.0 Print Dispatcher’.
Publisher:
Investintech.com Inc.  (signed and verified)

Product:
Able2Extract

Description:
Print Dispatcher

Version:
10.0.6

MD5:
31995316e1b458a30719cf4f161a877d

SHA-1:
93da547331ce7a1a402fd738be32d0eacbc69301

SHA-256:
097b7d27a794e4bbde50ce19e6ad9b2bee4244efb875c8f11831c59f3de82d74

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 2:37:10 AM UTC  (today)

File size:
5 MB (5,272,392 bytes)

Product version:
10.0.6

Copyright:
Copyright © 2000 - 2016 Investintech.com Inc.

Original file name:
Able2Extract.PrnDisp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\investintech.com inc\able2extract 10.0\able2extract.prndisp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/19/2014 7:00:00 PM

Valid to:
10/18/2017 6:59:59 PM

Subject:
CN=Investintech.com Inc., O=Investintech.com Inc., L=Toronto, S=Ontario, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6A1CA0035869752FEDB70357DD081EAA

File PE Metadata
Compilation timestamp:
1/28/2016 5:43:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:r8gJRrtOVRAztxZZjQbEXoKe7FZrjo2j3+9:rWRAzAko57FZnos3+9

Entry address:
0x1C2860

Entry point:
E8, CE, 06, 00, 00, E9, 63, FD, FF, FF, FF, 25, 78, C3, 71, 00, FF, 25, 80, C3, 71, 00, 6A, 10, 68, 78, 84, 7E, 00, E8, FE, 03, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 05, 04, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, E0, FB, FF, FF, C3, 50, 64, FF, 35, 00...
 
[+]

Code size:
3.1 MB (3,254,272 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Able2Extract 10.0 Print Dispatcher

Command:
C:\Program Files\investintech.com inc\able2extract 10.0\able2extract.prndisp.exe


Scan Able2Extract.PrnDisp.exe - Powered by Reason Core Security