rcsetup141.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Recuva. The file has been seen being downloaded from www.filehippo.com and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
a07817dcfa46b1a8a4560e7a05bc495e

SHA-1:
c43593fde66ddc46d492c55803608a4929a1d86e

SHA-256:
ddd7d233832dda15ac524f79933e11490035c3b390a2043ebabac126ce1fe592

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/24/2024 4:14:35 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Google
8.9465

File size:
2.4 MB (2,556,672 bytes)

Copyright:
Copyright © 2006-2011 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/6/2011 3:00:00 AM

Valid to:
8/23/2013 2:59:59 AM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
741D340793306ACA84FAB3ABBB1567CE

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:OSU3p0rGLHN6oHX0ss8L/RY5Y/f+HuDIU0jIWAS/sRYL9Uoi+Um:z7rGLHnXAMBf+O0U00yqYU5+/

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9918

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rcsetup141.exe has been discovered within the following programs.

Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
 
Powered by Should I Remove It?

The file rcsetup141.exe has been seen being distributed by the following 6 URLs.

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://205.196.120.63/8i50c7vw3w7g/.../rcsetup141.exe

Scan rcsetup141.exe - Powered by Reason Core Security