home

cardrecovery_setup.exe

CardRecovery

WinRecovery Software

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.cardrecovery.com.
Publisher:
WinRecovery Software

Product:
CardRecovery

Description:
Memory Card Data Recovery Software

Version:
6.1.0.0

MD5:
31f39de678380b0a1c9c999534239719

SHA-1:
3980d70ef3ecc177caf88c6059be545cad7ac7fe

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 6:05:18 PM UTC  (today)

File size:
898.3 KB (919,880 bytes)

Product version:
6.1.0.0

Copyright:
©Copyright 2012, WinRecovery Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\cardrecovery_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:onaLy9XLXHGqFge237Uzkd2PNAOydBPa35SN4d44rLaNCQo:oaebXhge23lsPNWbo5W4xLoC1

Entry address:
0x9C40

Entry point:
89, D3, 3B, D7, FE, C8, 81, F8, 1B, EB, 9E, 5F, 89, EE, 88, C2, 81, C9, 1C, B5, 08, 9B, 8A, DB, C7, C3, 99, AE, B6, D3, 86, E7, 19, DB, 8A, C1, 68, 13, 7C, 08, 00, 8B, C8, 81, D0, 37, 98, C7, 4B, 85, F9, 5A, 85, E9, C6, C7, 84, 84, FD, 81, F2, CB, E9, 08, 00, FF, C8, 33, EA, 0F, BE, DA, 8D, 35, A0, A0, 0E, 54, 0F, AF, DA, C6, C4, 19, FE, CB, 71, 06, 69, F9, E4, F0, 86, 68, 33, C8, 19, F8, 51, 3D, CA, F1, 00, 00, 78, 0A, 1C, 42, 31, FF, 8D, 0D, 10, 71, 84, E3, E8, 00, 00, 00, 00, 8D, 05, F7, 34, 18, 17, 0F...
 
[+]

Entropy:
7.9770  (probably packed)

Code size:
37 KB (37,888 bytes)

The file cardrecovery_setup.exe has been seen being distributed by the following URL.

http://www.cardrecovery.com/.../cardrecovery_setup.exe

Scan cardrecovery_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.