» datarescueprofessional.exe
Overview
Analysis
File Details
Downloads (13)

datarescueprofessional.exe

DataRescueProfessional

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from en.softonic.com and multiple other hosts.

File name:

Publisher:

DataRescueProfessional

Product:

DataRescueProfessional

Description:

DataRescueProfessional Setup

Version:

3.2.0.101

MD5:

21b7f98e29d400fa8a82046574aef6f3

SHA-1:

4226793f6194e013c4a2f0b3941b7d8623d77f17

SHA-256:

51c6763cb513452f87221a58a005638ec6c41dd2bd3c87babc39171d44e0e2ca

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/23/2024 4:57:31 PM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

HEUR/QVM06.1.Malware.Gen

1.0.0.1120

File size:

1.7 MB (1,746,521 bytes)

Product version:

3.2.0.101

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\datarescueprofessional.exe

File PE Metadata

Compilation timestamp:

6/20/1992 3:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:O9/DNm7gY8YUhvoPVC8dZGqrLLrjTSTCwp1Nvmu5q:o/DNm7bUA91P3XC/Y0q

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9451

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file datarescueprofessional.exe has been seen being distributed by the following 13 URLs.

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=55cc4180bdd9f6900cf15a3f6fd1b5a5&upv=90ca2566605d6cc798550e446c2dfdf1&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F3DD50E747ED36C4D9F35AE45E7E7BAD68998F24423F273CC3BC0C8B6DDA209B47242801D72203C7A77E69BF065C8D55694F0C4669C470F920CFDCA670D195825B7123DFE1E531E0808C768A7A33446972F11954E1F8450017ABCDF689E7623BBD9520D3E3BC521DA4655EC9D500A5C6A&h=045786E70D10A32CE5D9B36ED0393CDFBD160DB5546E1D5D0AE2C0A829808F37&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://gsf-cf.softonic.com/422/679/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=SA&sid=dcd5281a51a61101fffe73423a5e0acc&upv=b4ac7d29d9a9ab651eed05639a90c2a9&z=results&sk=0&abp=0&abt=1&eid=SWH-1830&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F432707D2FFF5463F5B0904557F394D348AC148E1FF77159FD1666F591ADEF5B7144103FE64EABB0B03B32AC1C8A6A80E14508043A0C4C8FB1FCF980349611502BE4A4F5226DC4F46676392DFA10C8D86B53252245051E5A9BAD9E1E96619006B46367BE9E9BF3AA561601BE26CEE65EB&h=CEAC97DADEDE598DBA643A06495EB6AF95E200742636A5E6A7F651B90052E0D9&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=2b83d4440ac0db4b93f69fe667356bb2&upv=202647732a032c0ccd321cd967e7bee4&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F6DB91FE0D6E8A66B9F563A84B26CDC8D719403ACE55EA3133AFE138690054F2B95C7733829E35F4E1422B6FE1384587E8C169AD8EBCD6DB27435C2574134B398F958949BAE0D2F5EEC8FADB93D23BF78A92666898B0F4469EE3BC95A1EFBA540FBCE5D99F56DFA8CE84EFFF8D360D716&h=E0A168CF4BDAEEE2B65C1DCAE0756C3103BCF51BD77F16C140FB14F352F59EC3&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=81bb7b71f8b8860fc37d67ac7adce0a5&upv=2fba5f691cab19d512efda2fd953c667&z=results&sk=0&abp=0&abt=5&eid=SWH-2097EN&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F3DD50E747ED36C4D9F35AE45E7E7BAD68998F24423F273CC3BC0C8B6DDA209B44629F20316B471CEE1769765215DF7A1AC2E95E613483413BB02D54CBA6274C4E58CAE428E9D3AEC80453FD0233AAA9E2076A887D8C92CE46D24E3C39A81DAF3F499A6E3AFAE1C9C256DCFCDF8862E24&h=D66EB69431724E51993559BD505BF42FD9FAFBDCE81E7450D021AAFE6B5ED6B2&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=8c5984bd9eddc9a258ec3a30be6bd099&upv=9efa989bece02c8a7de4714e2ef2e64c&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F432707D2FFF5463F5B0904557F394D348AC148E1FF77159FD1666F591ADEF5B70D1ED2F502AF9969777E32B9B480097EEA06DEF193D6318E7C45C50AFAAC4A1F47A71C6B081A6DFF29F19C92003BA821811DBED48A5DC36433B407426F37F1EA51767661D4304A726FF439FE324AAD5D&h=175E354FFD66ACFB216332ECCAA240FDD6BF76368BFFB8E3BFF3DB50134E2554&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=9d9fa041444f12522eb9f06f2331f1a6&upv=8028a9afd72e678feb8d0dcee1e99d41&z=download-cpd&sk=666&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA091C37C8825E09746CF34E2DEB6FD204DDBC22429F6F078ED2BBA5EA034684A15A039532FE088887AC9E9991B7900DE3D695CC6D863FDE6AA9BA3E1CE11E551603285B042CB52DFC0C54FD2F332F885374CDCE264446FEA93240BDFB03438CF4DEF447F686CC19BB8775AC9C7284920144390FAD2E7B7D9F6769CDC748B8A57859&h=B63F72FD9615D6D0EED69B85764AC1E4332CB6C83C4A434AE0DAC8A14A01EA66&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=a3e17e5eaaedfa968a483fe605dab7b0&upv=c2b18ce4adab493c7a42fe35beacfdf3&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F432707D2FFF5463F5B0904557F394D348AC148E1FF77159FD1666F591ADEF5B78B4D46476E5FC5E597F5F7FAFAA65D1F88B14063629817CB51B3832A39E31D773B088DADA53A97568040519D10EC3B203F0F76C82C77A2140ED1A59701EAF42100DD3DAC7FA9EE8CAD7065D9ABD0AB48&h=832F90C651620895F619FD38D9E06DF5A164C8B3A857F1A6FDB157E6653E8F72&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=8be96c8be464a81622a51de09a57bbb0&upv=0651da907cf5ac2308c24959c2fd7f9f&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F6DB91FE0D6E8A66B9F563A84B26CDC8D719403ACE55EA3133AFE138690054F2BCABADAD80A47EB10A5591B305B1EC8FF57AC25204E69BDD005582DFED71D7833EED3B4616907AB3FDF9F5AAA7A4942692B252CA640AF95E2DC53A34D8AD604D635820A310FD6C7876026498E9CBE1F5E&h=3A5286554324546EBC77236A380A8E72D60D83128BE1B5766E420F61ECB8ED86&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=34f7501267287e950e0b1b894572ac19&upv=16d79395123d7fc460bd2f04e882fb46&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F432707D2FFF5463F5B0904557F394D348AC148E1FF77159FD1666F591ADEF5B7D66F9914BB86062386312ED98F34927D5148A6387BF5BF992EE2894CBD040D4024AC995B1CEE887EC84B07B62E36804D9A8A84AE2D8B9E066EB35FF7FE9249AFC6D31E0D0912BF19FBEFE08E9F5D7166&h=38D70DB534F5BF44F0849567835B323306207A1FC052BBDB80781887750793A4&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=1a265c69a245bec8c1d0cd3b57ec0fae&upv=ec1d7b84d84687f31cfe756a6f456e06&z=results&sk=0&abp=0&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA098D8A318D5BE1076F36EF168AEBDD85F5AE938BF0B25E139BF9C0182CF237293F432707D2FFF5463F5B0904557F394D348AC148E1FF77159FD1666F591ADEF5B70AD23117B422948A8554C86E77A32F8DE261F30C324DB81801AC015A45F552B927ABA4BEF1653FD9D161572096FD5C933CB39EA837A6212F7D820D8A339425D81D04E291206B2DBA22502980063573CB&h=16F67C7BB9F30E07DA66D72E2A48DBCF330BAD4B0624FCE1C941406B75466E73&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=CH&sid=3462512bee5fade23920457f663e7ea9&upv=7e6f497539986f25c9cf95f1120c44fb&z=results&sk=0&abp=1&abt=1&eid=SWH-1830&params=F39B2A32BFC101987B1458170C278E032123FF0E09F5565AD6A3C9E074A2DA093675831985D27C86F886968A58280ADAD50F15554004C8AD51A5C0F3C191F56DB79746AF7071C29A1C35299447E1675E9A019A1FE05ECFF4731F9CED164D294F9BFDDEE8ADBC7EE383866E4DFAA0FFEEE30CD954D9BAD70B7F6DA3CD02905DBF370FF109DA7745DF9F9CBF1D6EE6EFC08B47D15CAAF3C175E76BCBBF67264AE64A693D07AD768BF381D9FA54798CA7C8&h=AF4154CD18B0366EF7E015EEF1CFA56AF4E8E69C7059CC38C19213F5CF16A657&directdownload=1&f=69711709&d=http://datarescueprofessional.com/.../DataRescueProfessional.exe

Scan datarescueprofessional.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.