home

emltopstfull.exe

Kernel for EML to PST

Lepide Software Private Limited

The application emltopstfull.exe by Lepide Software Private Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.nucleustechnologies.com.
Publisher:
Lepide Software Pvt.Ltd.   (signed by Lepide Software Private Limited)

Product:
Kernel for EML to PST

Version:
15.8

MD5:
4b798b5b8d65ccb53940f9194fef8eae

SHA-1:
c409baca1d236b12289fce0ee5f6a3b0d7923605

SHA-256:
23a426b5ab8478d6a30415aa96625df05c158f7cd19db9bd5f396983f8c1e62d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/8/2024 11:54:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.CSH (L)
17.2.14.9

File size:
13.5 MB (14,202,712 bytes)

Product version:
15.8

Copyright:
Copyright © 2015 Lepide Software Pvt.Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\eml2pst\emltopstfull.exe

Digital Signature
Signed by:
Lepide Software Private Limited

Authority:
GlobalSign nv-sa

Valid from:
4/22/2015 11:37:46 AM

Valid to:
4/22/2018 11:37:46 AM

Subject:
CN=Lepide Software Private Limited, O=Lepide Software Private Limited, STREET="B-57, Sector 57", L=Noida, S=Uttar Pradesh, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=Delhi, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U74899DL2005PTC143584, OID.2.5.4.15=Private Organization

Issuer:
CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112123367A63FFD214397D34199FF4D6A7C6

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9997

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file emltopstfull.exe has been seen being distributed by the following URL.

http://www.nucleustechnologies.com/.../dlbemltopst-home.php?token=b054871dbec822164cc006717db2f811

Remove emltopstfull.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.