ntfsundelete_setup.exe

eSupport.com, Inc.

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from secure.esupport.com and multiple other hosts.
Publisher:
Copyright © 2015 eSupport.com • All Rights Reserved   (signed by eSupport.com, Inc.)

Description:
NTFS Undelete Setup

Version:
3.0.6.1019

MD5:
2baa00a7af06b43e0bcf99b58b8b1071

SHA-1:
8111f5e681e668d8ac3efb555f4586998a9acb35

SHA-256:
959e62cc6fa1f4984ddb98444588d398a96dcbf0d97a95334731650a58776322

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/24/2024 12:54:07 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Program.Unwanted.929
9.0.1.0306

File size:
2.6 MB (2,728,384 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/22/2015 5:11:47 PM

Valid to:
9/22/2018 5:11:47 PM

Subject:
CN="eSupport.com, Inc.", O="eSupport.com, Inc.", STREET=120 Water St, L=North Andover, S=MA, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Massachusetts, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=001030216, OID.2.5.4.15=Private Organization

Issuer:
CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B5D4D579FE52C475C01E3DA626487F05

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:jGEeYzuFqPwUyueylrQ7XyRzcI5OoMff//KtHup3bAc5S5bGA8RT6Of:aeiUfQ7izcIOfn3p0v5bO3

Entry address:
0x98D8

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, EE, 97, FF, FF, E8, F5, A9, FF, FF, E8, 20, CC, FF, FF, E8, 67, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 82, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 38, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 9F, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9969

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file ntfsundelete_setup.exe has been seen being distributed by the following 37 URLs.

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=8f1cdbbc36cb73c2da6073939f5327aa&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://dw15.uptodown.com/dwn/RkFk5HFguB5xL6R6RhgjoA9PT65ohPMsfArswKcxdVBkaDNlqtuYVZo1INRQh5W3bhTKxtlG2KURtrlHSjXL-8lML7qTbEhghOuM7Kl8m-OjyJ0NsT_UDKATGqIniCdk/GoqEG97yM8RcWCzxi2rgCVTeA7SFJdTLHIcja4TVXs5DRMm81hylgG6DsdNM1p-25ElBljg8lRjSGU3hOAcGLFtQSPc5V_9SzryJnojgjs42dgRnxmhI9XZ9O9zTms8O/qMVSN3086p-o46NtUZIi7cEaAni6nSa9NTgQa61VrzlueYEw4mM5nREkiLiPStbSwLHC4qzCAvNmxvBHdaWxoGxQHY4O3aAM8VkEH_gk2yQX22WUy3vhtPYZvsijjXKM/.../ntfs-undelete-3-0-6-1019-en-win.exe

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=c8699b2d86728c408de8ad710fecfbc4&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

https://download.heise.de/software/514c37dfc31facaf42c256dfdb74f243/582ee067/.../ntfsundelete_setup_1253.exe

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=40b2601657566824787ed753dedd57bd&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=b61d568bcdb8eacb3e607746d38a5786&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://www.techtudo.com.br/_/software/.../download

http://www.ntfsundelete.com/.../ntfsundelete.exe

http://lb.cdn.m6web.fr/d/c/a/5763ca83e55fa9a16bd94d99e3842b39/5810fe92/soft/.../ntfs-undelete_3-0-6-1019_fr_32411.exe

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=c39a4e016422868a97eb05e6c2bfd74c&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=3e31521a573a0bd5b0c66e0e14594646&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=5feb38a47dd6cd5f3f644741dcfb42a7&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup_1248.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=f3893847b73902fc240bd828851f388c&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=0f3f628d27df3e2a8ceb4852b75e4468&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=b0a138d53f42bcffbfb5bf06320b0fd8&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=30eabc41d6a1554bd4a7d463acbf2bd6&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=1c311b08f3ee5624e5b7720b2d34bccc&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup_1248.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=1e9ec7062d49a05455df7ffe902306d0&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup_1258.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=b223602d6256a4d236a00d5f879af3a9&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=2fed5181d432c95da16dd5c92bf91e94&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

http://lb.cdn.m6web.fr/d/c/a/ac61a54acec2ec1eab7b0a8331da005a/57f3d1e1/soft/.../ntfs-undelete_3-0-6-1019_fr_32411.exe

http://secure.esupport.com/ea/click.php?id=UA-17667683-29&mvt=&aff=0&sid=090878bdd0326554ad62c5ca1c570e6c&src=http://www.ntfsundelete.com/download&href=/.../NTFSUndelete_setup.exe&lid=

Latest 30 of 37 download URLs

Scan ntfsundelete_setup.exe - Powered by Reason Core Security