MoodEditor.exe

PAMELA

Scendix Software-Vertriebsges. mbH

The file is set to start automatically when a user logs in to Windows, via the current user Run registry key, under the display name 'MoodEditor.exe'. It is installed with Pamela RME 2.0. The file has been seen being downloaded from download1750.mediafire.com and multiple other hosts.
Publisher:
Scendix Software-Vertriebsges. mbH

Product:
PAMELA

Description:
RichMood Editor Extra

Version:
2.1.0.1

MD5:
1dd76bf49d6fa5fc87f20da7d766d3a2

SHA-1:
16268e59ddacc848e2905149fd5d4369e2164fb4

SHA-256:
0bca82a491baaa1e23bdee2a0f16c282e5dd670103de51bd278ff18bcc24b24b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 7:53:43 PM UTC

File size:
1001 KB (1,025,024 bytes)

Product version:
2.1.0.1

Copyright:
Copyright 2004-2011. Scendix Software-Vertriebsges. mbH.

Trademarks:
Scendix Software-Vertriebsges. mbH

Original file name:
MoodEditor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pamela richmood editor\moodeditor.exe

File PE Metadata
Compilation timestamp:
8/12/2011 7:59:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:yLOP8AyyHH8EyZNB1KmDS85IBc42dWmIETjw3xjRjbcwyQ0E4+OARhn22JV4V4VP:ySPLwN3vIEvgcwy1ExOADbnlt

Entry address:
0x44853

Entry point:
E8, 18, 6D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, 30, 14, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, B8, 13, 00, 00, 83, C4, 14, 83, C8, FF, E9, C5, 00, 00, 00, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 3B, FB, 74, 24, 3B, F3, 75, 20, E8, 00, 14, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 88, 13, 00, 00, 83, C4, 14, 83, C8, FF, E9, 93, 00, 00, 00, C7, 45, EC, 42, 00, 00, 00, 89, 75, E8, 89, 75, E0, 81, FF, FF, FF, FF, 3F, 76, 09, C7...
 

Entropy:
6.1461

Code size:
350 KB (358,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MoodEditor.exe

Command:
"C:\Program Files\pamela richmood editor\moodeditor.exe"


The file MoodEditor.exe has been discovered within the following program.

Pamela RME 2.0  by Scendix Software GmbH
About 1% of users remove it
 

The file MoodEditor.exe has been seen being distributed by the following 26 URLs.

