rcsetup151.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
3f9c12e62a0ae1d7a9dbb252195c4c54

SHA-1:
85c2e758dadb8a93064ca5cedf96bc69c021b84c

SHA-256:
283cf1f8ca12b48c22a0213eb919822a12ae09ccbe5fbb887b0b6ba709394591

Scanner detections:
2 / 68

Status:
Clean  (2 possible false positive detections)

Analysis date:
11/2/2024 1:36:56 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Google.D potentially unsafe application
8.0.319.0

Reason Heuristics
PUP.Bundle.Toolbar (M)
16.11.11.1

File size:
4 MB (4,210,920 bytes)

Copyright:
Copyright © 2006-2014 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/24/2013 9:00:00 PM

Valid to:
9/24/2015 8:59:59 PM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
785AF6D521F67E132D53385742CE9B35

File PE Metadata
Compilation timestamp:
2/24/2012 4:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:T7XJ9sO1+n3YxMDvna7MSvBIoB4MPnhw9/7NzKJR23aVC2:Z9skK3SMeISuoBHPnhm/0RbH

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file rcsetup151.exe has been discovered within the following programs.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
8% remove it
Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
 
Powered by Should I Remove It?

The file rcsetup151.exe has been seen being distributed by the following 50 URLs.

http://gsf-cf.softonic.com/85c/2e7/.../file?instance=softonic_es&Expires=1412400887&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Kjy~jMcP6-AreDZ63afwzLMuZpTXtr9YHJBKUYANS1oJJgaClXWZ2QO~qFcJ2NPA5mlLOaevZ-DtFxp4juScEI8ue~YmpR8TPIcSkxpaazaSxvP7MB4oVjzAGb2kud7ifW-Y3XZkoYSAifmBUWQI8uWFFr2u-rHLK1f3hxCMC3Y_&filename=rcsetup151.exe

http://gsf-cf.softonic.com/85c/2e7/.../file?instance=softonic_br&Expires=1415133603&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Clzm3aSbL9r9z6tTEpPalqsdeS04DnkLlCroBLoSaSMaU5A0O6P1uLCk20e9yRye68qxnJyTz4AAEmI6gSk2LO5SGSsmr8t7lsUXCQq9op0yZgy2M8sFGfJSWt6Ho-C85P4c6QIXRbEl7JOZKIb1grbwJDuZx08qT3La1AfuEZo_&filename=rcsetup151.exe

http://www.filehippo.com/es/download/file/.../

http://www.filehippo.com/download/file/.../

http://gsf-cf.softonic.com/85c/2e7/.../file?instance=softonic_es&Expires=1414074842&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=KX~VGlKPJz4BSfeIAFZ-xo-0MVAETvr~PCVDnGmi-EenOBMC0F~JR3DLsG~-LvY~UvIpDoUVgq0hgMAOzbqXCEEvzbkkxwSfPcfjS0NHupvewjvIArYeOQgYrvt-PyH~zK3PuR3Ny8rGF31mmE6~CzIIIRxbE8GbTf613xmtqbI_&filename=rcsetup151.exe

http://www.filehippo.com/es/download/file/.../

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/es/download/file/.../

http://gsf-cf.softonic.com/85c/2e7/.../file?instance=softonic_es&Expires=1415683185&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=EIg8TOiTk6VwQmsY4nu1Z3OcRpaqv1CjooS57dO3O8bqAWCwYzW7nwVsXXdCypRJBdSFGFFa~M2DWAJj5Ujfsk-4BCkJj7eURXzE91ozjWZwU5YtVORm4jq~y7THtTTJNfMVuukii0cWX~LBxUPfCwOJslFhbVJtsdxqttQWtyY_&filename=rcsetup151.exe

http://recuva.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flqGLpaOgkps=

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://global-shared-files-l3.softonic.com/85c/2e7/.../file?nvb=20141108222411&nva=20141109102511&token=075822373db3a20a24e4f&instance=softonic_es&filename=rcsetup151.exe

http://lb.cdn.m6web.fr/d/c/a/1a244703f7795240a783c6c6c5d91ccd/541ebe50/soft/.../recuva_1-51_fr_31279.exe

http://filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://download723.mediafire.com/tquujcovlrbg/.../rcsetup151.exe

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/download/file/.../

http://download760.mediafire.com/cs3mm6t3h3tg/.../rcsetup151.exe

http://gsf-cf.softonic.com//85c/2e7/.../file?id_file=58808&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=yes&SD_used=0&Expires=1405602169&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=KBPF1fmssS-9sChWQmb43MBohK92-~LR17FM70yZeatXfwNGcKLxFuPt-jMHpdBF-Q7Y8HA51B~AHSMq~qscu3PzDHdz~GCdgHuXL6nuT~gVcZIdZUpMEfP~FaDXP-fCaczSgsZDpuoStIpx9-9r3jsgVSBrfuRtXU0d86JMIY4_&filename=rcsetup151.exe

http://www.filehippo.com/download/file/.../

http://fs32.filehippo.com/1860/.../rcsetup151.exe

http://lb.cdn.m6web.fr/d/c/a/a8801d68b5d02382505fbda9be79c515/558f1cad/soft/.../recuva_1-51_fr_31279.exe

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/es/download/file/.../

http://gsf-cf.softonic.com//85c/2e7/.../file?id_file=58808&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=yes&SD_used=0&Expires=1411189681&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Rhi3xZhCzPqSZg1Inq~HnNkTbKT7DqXSXZnV~-gdaSeQJnDcbQYnK9Mu0vnlA4FQswiWqxKNX0RoYOUD8pAG0CzGGcxeDueNfs7242vsyFEzLX-XFuxt4guWGi3D-JZd1TCIgzr15wpOe25YPk0JTLQ68jU3j2SGcRd8Os1Bof4_&filename=rcsetup151.exe

http://gsf-cf.softonic.com/85c/2e7/.../file?instance=softonic_es&Expires=1415789608&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=BO733lLCky62EKdcBq~-PEVAu8VhnYMG9w68m-rDityN0iw2c38cjZk1QP8VwhTi0ti3XAjzI2X7cjCIZib3FgkHnTwRjNuOjYWCpcVi8H955g6TmCbYegbpx3oJRbwEltmSRydxeMWFLLWCxqVAnpTezPXdVvCxIs52PVn9emw_&filename=rcsetup151.exe

Latest 30 of 995 download URLs

Scan rcsetup151.exe - Powered by Reason Core Security