easeus.data.recovery.wizard.8.0.0-patch.exe

The application easeus.data.recovery.wizard.8.0.0-patch.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from dl8.fileswap.com.

MD5: 971cc5a9e173ceef2210d5f8da701ba0
SHA-1: c7c43e66e2e1694e726fdd5a6bc871ae36e38775
SHA-256: f42d9b3b7b9ea8f8d2186e70a4fe28bdf40ae27f1816132e4a073534f6fc5917
Scanner detections: 24 / 68
Status: Potentially unwanted
Analysis date: 11/24/2024 7:26:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Application.Patch.FM | 818 |
| Agnitum Outpost | Riskware.HackTool | 7.1.1 |
| AhnLab V3 Security | Packed/Win32.Morphine | 2014.11.05 |
| avast! | Win32:Patcher-AK [PUP] | 2014.9-141109 |
| AVG | Crack | 2015.0.3296 |
| Baidu Antivirus | Hacktool.Win32.Patcher | 4.0.3.14119 |
| Bitdefender | Dropped:Application.Patch.FM | 1.0.20.1565 |
| Comodo Security | TrojWare.Win32.Agent.WFN | 19997 |
| Dr.Web | Tool.Patcher.136 | 9.0.1.0313 |
| ESET NOD32 | Win32/HackTool.Patcher.AD (variant) | 8.10671 |
| Fortinet FortiGate | Riskware/GamePatcher | 11/9/2014 |
| F-Prot | W32/Agent.KFY | v6.4.7.1.166 |
| F-Secure | Dropped:Application.Patch.FM | 11.2014-09-11_1 |
| G Data | Dropped:Application.Patch.FM | 14.11.24 |
| K7 AntiVirus | Trojan | 13.185.13888 |
| Malwarebytes | PUP.Riskware.Patcher | v2014.11.09.11 |
| McAfee | RDN/Generic PUP.z!eb | 5600.6952 |
| MicroWorld eScan | Dropped:Application.Patch.FM | 15.0.0.939 |
| Qihoo 360 Security | Win32/Application.bbe | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.9.11 |
| Sophos | Troj/Agent-WFN | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BGA14 | 7.2.313 |
| Trend Micro | TROJ_SPNR.0BGA14 | 10.465.09 |
| VIPRE Antivirus | Trojan.Win32.Agent.wfn | 34520 |

File size: 126.5 KB (129,536 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\easeus.data.recovery.wizard.v8.0.0.unlimited.incl.patch-kindly\easeus.data.recovery.wizard.8.0.0-patch.exe

File PE Metadata

Compilation timestamp: 12/21/2012 9:59:46 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 3072:3ySz4QDh4+t1spT0tzZvCXBcN7Cyg5GDatcrOpe:3Pz4GVtKpT0tzdCXutNsIMt
Entry address: 0x102B
Entry point: E8, 07, 00, 00, 00, 6A, 00, E8, 05, 01, 00, 00, 55, 8B, EC, 81, C4, F4, FB, FF, FF, 56, 57, 53, 6A, 00, E8, 04, 01, 00, 00, A3, 30, 30, 40, 00, C7, 45, F8, 00, 00, 00, 00, 6A, 0A, 68, 00, 30, 40, 00, 6A, 00, E8, DE, 00, 00, 00, 0B, C0, 74, 21, 89, 45, FC, FF, 75, FC, 6A, 00, E8, FD, 00, 00, 00, 89, 45, F4, FF, 75, FC, 6A, 00, E8, E4, 00, 00, 00, 0B, C0, 74, 03, 89, 45, F8, 83, 7D, F8, 00, 74, 32, 6A, 04, 68, 00, 10, 00, 00, FF, 75, F4, 6A, 00, E8, D8, 00, 00, 00, 8B, F8, FF, 75, F4, FF, 75, F8, 57, E8, BE...
Code size: 512 Bytes (512 bytes)

The file easeus.data.recovery.wizard.8.0.0-patch.exe has been seen being distributed by the following URL.
