pareto_dr_setup_rw.exe

ParetoLogic D

ParetoLogic Inc.

This file is a setup application built with the InstallShield Setup installer. It has been seen downloaded from www.2-data-recovery.com and multiple other hosts.

Publisher:
ParetoLogic (signed by ParetoLogic Inc.)

Product:
ParetoLogic D

Description:
Setup Launcher

Version:
1.1.0

MD5:
994f31ec0ca060bce95f26baf92b8bb2

SHA-1:
bd780f4bfb5ed0453c044aa750c3263b060b3f16

SHA-256:
85db666b9d44b4698f523cb33f09c613ad3e8a3b136ab98f66aba1b47a5f6d95

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 7:05:34 AM UTC

File size:
6.7 MB (7,072,560 bytes)

Product version:
1.1.

Copyright:
Copyright (C) 2007 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pareto_dr_setup_rw.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
2/27/2008 6:00:00 PM

Valid to:
2/27/2011 5:59:59 PM

Subject:
CN=ParetoLogic Inc., OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ParetoLogic Inc., L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DA7E1979D3A07E67282D6F97138B4B3

File PE Metadata

Compilation timestamp:
4/18/2007 8:03:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:z1NQV5/pMHzU5MLpEggS7TC/AJRWn+uTCWc:zIyJdEY7uMRF+c

Entry address:
0x2996C

Entry point:
55, 8B, EC, 6A, FF, 68, C8, 70, 43, 00, 68, 58, CB, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 78, 61, 43, 00, 33, D2, 8A, D4, 89, 15, 04, 56, 44, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 00, 56, 44, 00, C1, E1, 08, 03, CA, 89, 0D, FC, 55, 44, 00, C1, E8, 10, A3, F8, 55, 44, 00, 6A, 01, E8, 15, 1F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 30, 10, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
Entropy:
7.9674

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
212 KB (217,088 bytes)

The file pareto_dr_setup_rw.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 51 download URLs

Scan pareto_dr_setup_rw.exe - Powered by Reason Core Security