photorecoverywin-701-sc.exe

Stellar Phoenix Photo Recovery

Stellar Information Technology Private Limited

The application photorecoverywin-701-sc.exe, “Stellar Information Technology Pvt Ltd.” by Stellar Information Technology Private Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.google.com.

Publisher:
Stellar Information Technology Pvt Ltd. (signed by Stellar Information Technology Private Limited)

Product:
Stellar Phoenix Photo Recovery

Description:
Stellar Information Technology Pvt Ltd.

Version:
7.0.0.0

MD5:
2a18bd547e518274eb7c01ae4198e97f

SHA-1:
0a39c074992a7763f6c84d840956a15280b481b2

SHA-256:
632c5f80d4dd5529692e1ee6f60af8fb0947bcf39f42a49e35dd8bc0a68e6b8a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 12:58:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.1.28.11

File size:
12.2 MB (12,755,688 bytes)

Product version:
7.0.0.0

Copyright:
Stellar Information Technology Pvt Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\photorecoverywin-701-sc.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/10/2015 4:00:00 PM

Valid to:
1/8/2017 3:59:59 PM

Subject:
CN=Stellar Information Technology Private Limited, O=Stellar Information Technology Private Limited, L=Gurgaon, S=Haryana, C=IN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
7A655D1A5B7BAEC2E332ABC3EE5C9F31

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Entropy:
7.9749

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file photorecoverywin-701-sc.exe has been seen being distributed by the following URL.

https://www.google.com/url?hl=en&q=https://.../download.aspx?id=3ec79822-d164-4979-8015-60fd8644c9fa&key2=prw-701&mkey1=DEFAULT_REDIRECT_TRACKING&mkey2=SC_EN_PRW_7&mkey5=nc&uid=1006618&wid=3641&source=gmail&ust=1484166692574000&usg=AFQjCNEdcDnnI6_0oZk2TDQILF6bFrlrUA

Remove photorecoverywin-701-sc.exe - Powered by Reason Core Security