passwordrecoverybundle.exe

iAidsoft Password Recovery Bundle

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Product:
iAidsoft Password Recovery Bundle

Description:
iAidsoft Password Recovery Bundle Setup

Version:
7.3.0320

MD5:
53bf45d5498c3ed38f67afead79974c9

SHA-1:
9008ac8cbb879061665e097390ceece23b6e6c5a

SHA-256:
8ebdaa265a811181efb2ba8bf07f5eecfa8b90a011c0dcefef0c86e993dc9395

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/16/2024 3:48:26 AM UTC

Scan engine:
Emsisoft Anti-Malware

Detection:
Gen:Variant.Adware.Graftor.123194

Engine version:
8.14.03.18.01

File size:
16 MB (16,818,487 bytes)

Product version:
7.3.0320

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:j0w5Jcekpce57cExcpAcBDcQivV2yH+4E2c03x:j0+RkW8gpAgMV2yHKT03x

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file passwordrecoverybundle.exe has been seen being distributed by the following 8 URLs.
