» easyprint fotosoftware.exe
Overview
Analysis
File Details
Downloads (1)

easyprint fotosoftware.exe

Easyprint Fotosoftware

Unitedprint.com SE

The application easyprint fotosoftware.exe, “Easyprint Fotosoftware Setup ” by Unitedprint.com SE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from editorv1.infowerk.de.

File name:

Publisher:

unitedprint.com SE (signed by Unitedprint.com SE)

Product:

Easyprint Fotosoftware

Description:

Easyprint Fotosoftware Setup

MD5:

247fc632bb4fa1898c45fc4c4d04396e

SHA-1:

9d53957355cfbc17f0464a665c3ab24cc0e228f9

SHA-256:

514ff25d02850c316ad5e16136990359fb07eba78be5cee8c110a88af8f6f92a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

1/15/2025 2:48:44 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.CSH (L)

16.12.7.10

File size:

49 MB (51,370,864 bytes)

Product version:

4.9.11

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\easyprint fotosoftware.exe

Digital Signature

Signed by:

Unitedprint.com SE

Authority:

COMODO CA Limited

Valid from:

4/6/2016 2:00:00 AM

Valid to:

4/7/2017 1:59:59 AM

Subject:

CN=Unitedprint.com SE, O=Unitedprint.com SE, STREET=Friedrich-List-Straße 3, L=Radebeul, S=Saxony, PostalCode=01445, C=DE

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6C526812F060C15E08AD6F1FD5688B84

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file easyprint fotosoftware.exe has been seen being distributed by the following URL.

http://editorv1.infowerk.de/installer/.../Easyprint Fotosoftware.exe

Remove easyprint fotosoftware.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.