home

badcopy.exe

BadCopy Pro

Jufsoft

This is a setup program which is used to install the application. The file has been seen being downloaded from lc03381-dvfipsioem.app01-14.logmein.com.
Publisher:
Jufsoft  (signed and verified)

Product:
BadCopy Pro

Description:
BadCopy - Disk & CD/DVD & Digital Media Data Recovery Software

Version:
4.1.0.0

MD5:
e6f83033745a90bed790a3e6b273d60c

SHA-1:
64b4bece085a2deffa53ad5be24217951f70e08f

SHA-256:
f1be230e9ad4e02fe10929c8762b3a083ae1a6353dbaeedeea8be0bd4d9bfaf1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 11:30:10 AM UTC  (today)

File size:
587 KB (601,072 bytes)

Product version:
4.1.0.0

Copyright:
(C)Copyright Jufsoft 1996-2007, Liang Ren

Trademarks:
badcopy

Original file name:
badcopy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\badcopy\badcopy.exe

Digital Signature
Signed by:
Jufsoft

Authority:
The USERTRUST Network

Valid from:
2/28/2006 2:00:00 AM

Valid to:
2/29/2008 1:59:59 AM

Subject:
CN=Jufsoft, O=Jufsoft, STREET=P.O.Box 16-25, L=Nanjing, S=Jiangsu, PostalCode=210016, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00B2034DDFD33C4C10A3FA403911E4F24B

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:jJ1370BZ5PWAwTjHjzHOjhWy+zuRf0v6b7MP+Dd2Cz:737OXPW9jHHShJo3W7MP+h2Cz

Entry address:
0x1000

Entry point:
68, 01, 30, BF, 00, E8, 01, 00, 00, 00, C3, C3, B1, 66, 4F, 2B, 93, 72, 75, BB, CB, 86, A1, 88, C9, B8, E2, 62, A9, 05, B4, 22, DF, 64, F8, 0C, D9, 64, BF, E1, CE, C5, 3B, E4, E2, 16, 9A, F9, E3, 4C, 52, 85, C8, FC, 8B, 68, DE, 83, 7A, 8C, 53, C7, 71, 36, DA, 9F, 70, 32, E9, B2, A2, 6F, 6A, 1D, B8, 38, AC, 3A, BF, 27, B1, FE, 47, 71, 89, 00, F4, 09, CD, 44, 4E, 53, 18, 44, 47, F3, A7, 01, 9A, E1, 8E, 9F, 55, 19, 68, C4, B0, 1F, DE, 25, 03, B4, 9E, EB, 86, D8, AF, 1A, 65, CD, 8E, A4, D5, E7, C8, D3, 28, 46...
 
[+]

Entropy:
7.9623

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
903.5 KB (925,184 bytes)

The file badcopy.exe has been discovered within the following program.

Run_Dregol  by Run_Dregol
Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware which is typically bundled with third-party applications in unwanted software bundles will hijack the user's browser (Internet Explorer, Chrome and Firefox) and display unwanted ads.
80% remove it
 
Powered by Should I Remove It?

The file badcopy.exe has been seen being distributed by the following URL.

https://lc03381-dvfipsioem.app01-14.logmein.com/download/.../01_yrYEucBbVJSI0hT49ExX6xmFjNQqb6ddWJR-C9GV?gatewaychecked=1&rawtnl=151585388_0

Scan badcopy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.