rcsetup142.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Recuva. The file has been seen being downloaded from fs11.filehippo.com and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
6c960c5ab4370662c5009ea2f32626d2

SHA-1:
3094664d1394f9fb6acc4749637602f05c91e58d

SHA-256:
adaa75a97cbc8692d867298fca96d678ab6ca273da27a1d48a6dd1a38eb4db94

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/24/2024 3:01:41 PM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Trojan.Generic.10156642
8.13.12.31.12

XVirus List
Win.Detected
2.3.31

File size:
2.4 MB (2,568,952 bytes)

Copyright:
Copyright © 2006-2011 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\rcsetup142.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/6/2011 2:00:00 AM

Valid to:
8/23/2013 1:59:59 AM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
741D340793306ACA84FAB3ABBB1567CE

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:VNaiR54syWOEjo5dph7v7L7625Utyo2HdCIbWjGeAXArxJlg6STyhtaWRnRmV/Zs:Voif4sAEsvr60Uth2HdCMj4fDRhtaaRB

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rcsetup142.exe has been discovered within the following programs.

CCleaner  by Piriform
CCleaner developed by Piriform, is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer.
www.piriform.com/ccleaner
3% remove it
Java 7 Update 25  by Oracle Corporation
Publisher's description - “Java technology allows you to work and play in a secure computing environment. Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few.”
java.com
4% remove it
Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
 
Powered by Should I Remove It?

The file rcsetup142.exe has been seen being distributed by the following 32 URLs.

http://fs11.filehippo.com/5643/.../rcsetup142.exe

ftp://d48d29cacad125f64c55088f34551bb2:1329692627@ftpclubicb9a.clubic.com/.../recuva_recuva_1.42.544_francais_31279.exe

http://fs40.filehippo.com/8736/.../rcsetup142.exe

http://s8897.chomikuj.pl/File.aspx?e=3MfKFux4tajJUdWKgi4SI7ZZpEKa-07uPMDHh4euguu5hUajKhqTuBNiKAE32NWABY5p8Eww_5IwTH8BC-8vaU4RPz85_y58OmiS94udt7imxYh1frXyxT7rn5-9oU5WblYm6LIZ8gQRzX1OEh7ORw&pv=2

http://sd-cf.softonic.com/58000/58808/.../rcsetup142.exe

ftp://9c8f5fac50dd169bf87e5f2274e23aa8:1341525202@ftpclubicb9a.clubic.com/.../recuva_recuva_1.42.544_francais_31279.exe

Latest 30 of 32 download URLs

Scan rcsetup142.exe - Powered by Reason Core Security