iphonecareprotrial503.exe

Tenorshare Co.,Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with Free iPhone Care. The file has been seen being downloaded from www.google.com and multiple other hosts.
Publisher:
Tenorshare Co.,Ltd.  (signed and verified)

MD5:
a57d8c0098fd56e674190f782bfbcf3d

SHA-1:
24d654117cac561ba526d16e71d3b2217d07882f

SHA-256:
1c80fdcd0730443e0e09091bc2256d60b53fd737554d415896cdcf5217583a16

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 10:40:24 PM UTC  (today)

File size:
22.5 MB (23,591,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\iphonecareprotrial503.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/8/2015 2:00:00 AM

Valid to:
6/7/2018 1:59:59 AM

Subject:
CN="Tenorshare Co.,Ltd.", O="Tenorshare Co.,Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
10FC1E4BBBCFBBB7AE844EA450CAF1F3

File PE Metadata
Compilation timestamp:
8/5/2015 2:46:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:BWUjUqioNxJa/nAixANtnFFha8AkrmlB4yI5kenVqXWCWbdIuifgEeiN+gmzU:oUULIXaoiiNx5msnnp3bdIuifReiN+HA

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, ED, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 97, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 85, 2A...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file iphonecareprotrial503.exe has been discovered within the following program.

Free iPhone Care  by Tenorshare, Inc.
www.tenorshare.com
26% remove it
 
Powered by Should I Remove It?

The file iphonecareprotrial503.exe has been seen being distributed by the following 5 URLs.

https://www.google.com/url?hl=it&q=http://dl.mycommerce.com/wgt/9ae15daa864bfb4c/1500a603f3a2e7f2e6384fa158c8ce0d5852edca01a8f681b01f45748d095153/.../iPhoneCareProtrial503.exe&source=gmail&ust=1464720686384000&usg=AFQjCNEEeicLNnn9LpFRJtNbyaGuS2tjpg

https://www.google.com/url?hl=en&q=http://dl.mycommerce.com/wgt/9ae15daa864bfb4c/b0ba5da7c3f7aa7510b27a98af7635448100bdc5fda37a6db01f45748d095153/.../iPhoneCareProtrial503.exe&source=gmail&ust=1465751349545000&usg=AFQjCNGsYLQmnBvEonwWZb8zL7PxxD8W2w

http://files.downloadnow.com/s/software/14/68/79/.../iPhoneCareProtrial503.exe

Scan iphonecareprotrial503.exe - Powered by Reason Core Security