» ppadsetup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (13)

ppadsetup.exe

PhotoPad

NCH Software

This is a self-extracting archive and installer. This is installed with PhotoPad Image Editor. The file has been seen being downloaded from ppdjs.brothersoft.com and multiple other hosts.

File name:

ppadsetup.exe

Publisher:

NCH Software (signed and verified)

Product:

PhotoPad

Description:

PhotoPad Image Editor

Version:

2.80+

MD5:

c0076b57bc0f383a146198953ea6cbaf

SHA-1:

3e96dc266a3c43ea5fb5d0e4f9a9078cee22f5c6

SHA-256:

dd7139a0526c3003467c97ecb448753d4e5e2f86bc9ff0423908f7baa9f0ff88

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 12:40:45 AM UTC (today)

File size:

2.5 MB (2,625,760 bytes)

Product version:

2.80+

NCH Software

Original file name:

PhotoPad.exe

File type:

Executable application (Win32 EXE)

Language:

English (Australia)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ppadsetup.exe

Digital Signature

Signed by:

NCH Software

Authority:

Thawte, Inc.

Valid from:

7/5/2015 5:00:00 PM

Valid to:

8/6/2017 4:59:59 PM

Subject:

CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

58D9B9D38780932DD1CBC58A2AD28B1C

File PE Metadata

Compilation timestamp:

1/24/2016 3:09:42 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:YQgLAGjHAXxvnQhFuY6aHhL7m/4ssBaomgiR5jzgyo9cqwAfHV:OTAX1nZY60/asgX1syDAd

Entry address:

0x11D4

Entry point:

55, 8B, EC, 83, E4, F8, 81, EC, FC, 16, 00, 00, 53, 56, 57, E8, 03, FF, FF, FF, 33, DB, 3B, C3, 89, 44, 24, 14, 0F, 85, DF, 03, 00, 00, 6A, 06, 53, FF, 15, 8C, 20, 40, 00, FF, 15, 48, 20, 40, 00, 68, 6C, 24, 40, 00, 8B, F0, E8, CB, 03, 00, 00, 85, C0, 74, 10, 68, 7C, 24, 40, 00, 68, 80, 24, 40, 00, FF, 15, 50, 20, 40, 00, 68, 90, 24, 40, 00, 8B, C6, E8, AB, 03, 00, 00, 3B, C3, 74, 49, 83, C0, 0E, EB, 08, 66, 83, F9, 20, 75, 0A, 40, 40, 0F, B7, 08, 66, 3B, CB, 75, F0, 0F, B7, 08, 33, F6, 66, 3B, CB, 74, 20... 
[+]

Entropy:

7.9985

Developed / compiled with:

Microsoft Visual C++

Code size:

2 KB (2,048 bytes)

The file ppadsetup.exe has been discovered within the following program.

PhotoPad Image Editor by NCH Software

Publisher's description - “PhotoPad Image Editor is a photo editor for Windows. It allows you to edit and apply effects to photos and other images.”

www.nchsoftware.com

30% remove it

The file ppadsetup.exe has been seen being distributed by the following 13 URLs.

http://ppdjs.brothersoft.com/ppd_stat.php?url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=2361LZaUbRtPp7SsbwnfNYoI79MRSpfhOPNsf3FLrq8CpvxNtudHKd1t0fxfPBLvroQe9Gv/jXi0v5Tac5LOK/.../JMWECagQV0172HJmbxC0X9oHqFRQsrmQ3XC7OjvFH6eoSEq6QpfzdGL8y8ZUsKaMHpxrm6xHEiL3jq3iD0k4MfwuuQx2OESHz9Tj0b5GEwTFAZ6pFw576LdCw

https://d1ob5g40gc5b6g.cloudfront.net/23/226478/.../ppadsetup.exe

http://ppdjs.brothersoft.com/ppd_stat.php?url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=e399sSWICJGZNEVUW9cSj4w4dY9tNpa8nIfAzKxEeieU/KYD2PtGUMrJZNxYeVTdqzH2Q9P 3iiQAPmYBrcY1Iao4G8klE4BaCE3OhM9voOiyND7vcyG53IBwncaacJsm9hfG34VR8Wj0IJP83uqkaewxO/.../c2gVou3nArge85

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=491065&url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=e637XmiKJlDskLOCZbEobynv1WkqVrmZO/yvNMhOp6SK1BAa9thiN3SnLAm2AanZp60l3ivTTSPPRHR8s/.../92AqmrXZmb9Rl4GpnYN cRxhF097M47qB4MtJT6v2NM8Sj46Wzb6iJoHQkc88BpolgCXQjklCS98vEECrFQ81gYmZaimt93bs2hTjsCQNDOFhl6eAoInakA48nVhqnVNXauUh

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=491065&url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=d072J8negjmcnpRQxbRnXGfqjPtrEnJbj/ur9xGRQsrUE6IdhtFswwW5UlXzAGmdmqr83sDxRzpmeYcMyDUS4Z6dQzY91HnqG6meAKoM93oxtdF06W/LdlOEdJ5/B9fH6j007 v4Jf/.../r6hMxKrs06cXVXFKbcBsmCVQCMAJL

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=491065&url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=113c6hmSsPFk7V scCtlOMnZQoq41wonkyeWIyjnOLSMsUvLDRiqNxU7xWFmNtc7s/2zNxGR4TO1VPOX40OLkvNPj1PneNdIGu5ISD/.../jHF0KazRneBe7iWwyuixbXg5 go

http://www.nch.com.au/.../ppadsetup.exe

http://files.downloadnow.com/s/software/14/68/64/.../ppadsetup.exe

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=491065&url=http://www.nchsoftware.com/photoeditor/.../p1Huzy BhBQfTHZlGcmhVVL6tajv4mE8AwbH RtQL2PKFN6FBjU39EwAzD7G0vI 63ZwCfSz8CDRTN2zaVbTENTzSOUUNreVOC2

http://ppdjs.brothersoft.com/ppd_stat.php?url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=bb56HttXHjqZvUurGA7C8VlORTY/f4HEcAfAcIuBqxbHoJetSzdfQJbGSZ3cYw dSeB 9btm8SrAALw4RgXcsw4 v3BIYMNoMyU4HqCNhTY0pjF8OEXnrrLNaPcGGSXZgAMwiUDbFwFKq58y5XEaklsog/2nsWalITRLbh2FDvBdv8Wn5uAEuqKCeRov7yeEAiMqUGn c6pxXKmBGGxXuK/.../P5MgBNyyA

http://ppdjs.brothersoft.com/ppd_stat.php?url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=54136 AaIv/8X1IJFiyVQVZGfPJxnNr0yIpT7W9VdZySucmqHLqm/p1u3wTmn5NA7T3FXCSOmdDnz30/.../obOA3ine3ixPNXqGDqXM5U7x34keWlbj1eVySJ0J6Uo1bXRi89e4rNcw2qT2 lQ1ZPF1D YGV1O1lNlz4LQyevFMVXUYa2TP14drx6BlWqBbTY8q2iZKkHyK82IL2xzEPrNm1hzwIZGw

http://ppdjs.brothersoft.com/ppd_stat.php?url=/d.php?soft_id=491065&url=http://www.nchsoftware.com/photoeditor/ppadsetup.exe&c=532fjThLmyvr12wJ/liVwFdlBDTtXM ASvY3kGwiYYVe1pHZ83WwyK/10ig2GZQrIrOcKNLrfHZXkwqawSm3272tMsl97PAigVIhZkRm2Wldb/.../b8Wye5JqbwDtTi8kRD2D4u1fUdBdPbGfBDwWjE1tGeNe1aXSHA6mHOVKfUtIqOoIqXmsqbOuJvDb2p7V8d1PX

http://www.nchsoftware.com/.../ppadsetup.exe

Scan ppadsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.