rcsetup140.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with multiple programs including Recuva. The file has been seen being downloaded from files.instaluj.cz and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
2c46839dcc224c59612a7b7cbaeb50d3

SHA-1:
0ba12e055571ff197e7e7f88ff7d81a8276b8eff

SHA-256:
05bc2ee8d47131970edadb23473bdc7750a024b186d8c0c23fd8ec993687ec6d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/24/2024 11:19:06 AM UTC  (today)

File size:
2.3 MB (2,451,576 bytes)

Copyright:
©2006-2011 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/28/2009 9:00:00 AM

Valid to:
8/24/2011 8:59:59 AM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F5A8C1E932EDBFD4893916FC880DFE7

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:cftLY8HWdH0bwxYcdsEhn5I85x4uvhtcceJyzUu8UjX/dRiMNtT:zHdVxV75Ig2so1JuZ7DdRNNR

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9910

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rcsetup140.exe has been discovered within the following programs.

BECTA Home Access Activation Tool  by Texthelp Systems
About 9% of users remove it
Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
 
Powered by Should I Remove It?

The file rcsetup140.exe has been seen being distributed by the following 12 URLs.

http://files.instaluj.cz/dwl/d06e2588a0c96f692b507ceeeba233ed/utility/obnova-souboru-a-dat/recuva/.../rcsetup140.exe

http://172.16.50.5/FTP-1/Software/Data Recovery Software/.../rcsetup140 [FT BD.NET].exe

chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/persistent/.../lNBBUbTD

Scan rcsetup140.exe - Powered by Reason Core Security