pstagesetup.exe

PhotoStage

NCH Software

This is a setup and installation application that is installed with PhotoStage Slideshow Producer. The file has been seen being downloaded from global-shared-files-l3.softonic.com and multiple other hosts.
Publisher:
NCH Software (signed and verified)

Product:
PhotoStage

Description:
PhotoStage Slideshow Producer

Version:
2.24+

MD5:
6c62f9c11a2472027fe8acb77bcc7099

SHA-1:
19d232f17262a4f1ff30fa6f68a2bfba16de433c

SHA-256:
c12a8f217fa129a5c6d431aa4956c2d6ff9d1d1474b88f5f6a876b928f2ccf76

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:33:15 AM UTC  (today)

File size:
4.9 MB (5,128,264 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\users\{user}\appdata\local\temp\pstagesetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/19/2013 7:00:00 PM

Valid to:
8/7/2015 6:59:59 PM

Subject:
CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A560820FA3E9AD8E5411734B1D40AD5

File PE Metadata
Compilation timestamp:
8/5/2013 12:54:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:DqB3vreXLzGLAGmsHK4f7/tOZFKl2jHq8uFbMumma3m5pAa9UYWOrM:DqBUvWAGm7RZ7K8uF4y2a6YWx

Entry address:
0x21D8

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, F4, 14, 00, 00, 53, 56, 57, E8, 03, FF, FF, FF, 33, DB, 3B, C3, 89, 44, 24, 14, 0F, 85, 3D, 03, 00, 00, 6A, 06, 53, FF, 15, 88, 10, 40, 00, FF, 15, 14, 10, 40, 00, 8B, C8, E8, 2E, 03, 00, 00, 85, C0, 74, 10, 68, 7C, 14, 40, 00, 68, 80, 14, 40, 00, FF, 15, 20, 10, 40, 00, 8D, 44, 24, 68, 50, FF, 15, 30, 10, 40, 00, F6, 84, 24, 94, 00, 00, 00, 01, 75, 0A, 66, C7, 84, 24, 98, 00, 00, 00, 01, 00, 8D, 84, 24, E0, 0C, 00, 00, 50, 68, 04, 01, 00, 00, FF, 15, 44, 10, 40, 00, 6A, 63...

Entropy:
7.9996

Developed / compiled with:
Microsoft Visual C++

The file pstagesetup.exe has been discovered within the following programs.

Publisher's description - “With PhotoStage Slideshow Producer, create slideshow of your photos. Share your memories with a multimedia slideshow, combine pictures, video clips, music, and narration, and burn to DVD, share online, or save for other portable devices.”
www.nchsoftware.com
22% remove it

The file pstagesetup.exe has been seen being distributed by the following 7 URLs.

