photos2folders.exe

Photos2Folders

Acrojax Solutions Inc.

The application photos2folders.exe, “Photos2Folders Setup” by Acrojax Solutions, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from windows.indir.com.

Publisher:
Acrojax Solutions Inc.   (signed by Acrojax Solutions Inc.)

Product:
Photos2Folders

Description:
Photos2Folders Setup

MD5:
aa1f64c5c38a680b3c364e07c811f5a0

SHA-1:
a1b5d779a143046c3283d922eded8f5e2c0dad71

SHA-256:
1f44746e098a2641c62bafd29139e7a6512e929c2aaf21b3a654dbad8fead7af

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 3:44:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.5.14

File size:
1.3 MB (1,324,000 bytes)

Product version:
0.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\photos2folders.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
3/11/2013 10:48:00 PM

Valid to:
3/11/2014 10:48:00 PM

Subject:
CN=Acrojax Solutions Inc., O=Acrojax Solutions Inc., L=Calgary, S=AB, C=CA

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049B9B52DB017E

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6Qi60B0fFKTmPKNP+2J1Wqh9EK57C8ICbQH6HdV/CxlfX2pR742WzISl:69605T5+IjvVtCNCkHGdV6rl2WkO

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file photos2folders.exe has been seen distributed from the following URL:

http://windows.indir.com/kaydet.php?x=TVRBd09UUkFRRUFoSVNFdVFYTnVLelJtSlcwMVRRPT18fHxjOTkwM2EzZjE2NGU5OTcyZjk4ZmE4MWEwMWUyMDczZg==&m=1
