PhotoProduct.exe


Visan Industries

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from dysk.onet.pl.

Publisher:
Visan / RocketLife (signed by Visan Industries)

Product:
PhotoProduct.exe

Version:
1, 0, 0, 3341

MD5:
c7ac5b01552870771bb878321d855d0b

SHA-1:
7a226ebb3493674e650bc6fbdef673610a2fc4ee

SHA-256:
48f5e0516da7e0c444799674da291d456fb8851ceff1023d49ae4854c6c98116

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:22:48 PM UTC

File size:
177.5 KB (181,744 bytes)

Product version:
1, 0, 0, 3341

Copyright:
(c) 2003-2009 Visan / RocketLife. All rights reserved.

Original file name:
PhotoProduct.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hp photo creations\photoproduct.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/13/2009 7:00:00 PM

Valid to:
9/13/2010 6:59:59 PM

Subject:
CN=Visan Industries, OU=SECURE APPLICATION DEVELOPMENT, O=Visan Industries, L=Folsom, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
2EF75B7A43D5EF9FFB3B64C9F8457DA1

File PE Metadata
Compilation timestamp:
4/19/2010 9:09:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
3072:6V+Ysh/MkKnJc+B0hJSS7MhKIpceNEkfBgl4qi9lUVwFwy6OtsyZu6dG5h1N2Zn:gsh/MkKiggSS7Mh1DNE/lS9lUVRrgGF

Entry address:
0x32F7

Entry point:
6A, 60, 68, B0, EC, 40, 00, E8, 69, 03, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, B1, F7, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 38, B0, 40, 00, 8B, 4E, 10, 89, 0D, 3C, 32, 41, 00, 8B, 46, 04, A3, 48, 32, 41, 00, 8B, 56, 08, 89, 15, 4C, 32, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 40, 32, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 40, 32, 41, 00, C1, E0, 08, 03, C2, A3, 44, 32, 41, 00, 33, F6, 56, 8B, 3D, 04, B1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Entropy:
7.2086

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
40 KB (40,960 bytes)

Scheduled Task
Task name:
PhotoProduct.exe


The file PhotoProduct.exe has been seen being distributed by the following URL.

Scan PhotoProduct.exe - Powered by Reason Core Security