rcsetup153.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from filehippo.com and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
981e63069729e977237100ce02ba6fc8

SHA-1:
1ab704fe0d4fa8c1585a6e98571e646fdbccee30

SHA-256:
f1c4c64796aa719f569c4ae6a904a27a768ba48f5aaa735f58e1947e71dcb91a

Scanner detections:
2 / 68

Status:
Clean  (2 possible false positive detections)

Analysis date:
11/23/2024 6:02:25 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Google.D potentially unsafe application
6.3.12010.0

Reason Heuristics
PUP.Bundle.Toolbar (M)
16.11.11.1

File size:
5.2 MB (5,473,600 bytes)

Copyright:
Copyright © 2006-2016 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\rcsetup153.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
8/12/2015 2:00:00 AM

Valid to:
10/11/2018 1:59:59 AM

Subject:
CN=Piriform Ltd, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4B48B27C8224FE37B17A6A2ED7A81C9F

File PE Metadata
Compilation timestamp:
12/29/2015 10:34:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:um+Og+3JvWhsR2f3vijz89fTytq5+gbvHrZidRMLSJbvrm+QNjs+l:um+OzpWGR2sz89f2k9vMrPJL7sl

Entry address:
0x3A1C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 5E, 33, ED, 68, 01, 80, 00, 00, 89, 6C, 24, 1C, C7, 44, 24, 14, C8, A1, 40, 00, 89, 6C, 24, 18, FF, 15, 74, 91, 40, 00, FF, 15, B8, 90, 40, 00, 66, 83, F8, 06, 74, 11, 55, E8, 70, 2B, 00, 00, 3B, C5, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 38, A3, 40, 00, E8, 00, 2B, 00, 00, 68, 28, A3, 40, 00, E8, F6, 2A, 00, 00, 68, 14, A3, 40, 00, E8, EC, 2A, 00, 00, 6A, 0D, E8, 40, 2B, 00, 00, 6A, 0B, E8, 39, 2B, 00, 00, A3, F0, 3D, 47, 00, FF, 15, 34, 90, 40, 00, 55, FF...
 
[+]

Entropy:
7.9974

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file rcsetup153.exe has been seen being distributed by the following 50 URLs.

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

https://dw.uptodown.com/dwn/jEZYTb47KINMaz_XNDh84CKfShcL5-UU7WB8UG7S8wlhj7pEFJU1ngTcNssjh5b1N4pQ0rD3av6pxjQs3zYHBKxIAZr8Zki2LoBjkDYvHwtgWCKmEpHnAR5h1fja2p1O/eI2T__OUr4JGAFGcjmAn5FwMGGYYgvZdgcG3nWDXNqpgeaztCZ091YRnEUBeimPR81yrhpLMRcf4DrqH3c-5uh4llacDZx7WihhG4h8TYKfSL8y3-FAmlUMr814C_Uhn/4dDey9qKZJRQXwEBmyO27sCYi4IrtWUlXl1In6O3DCVCL_8uTvOFTVUX8mKM9Hft5Y8FtAEXsm9WDRvlXZhlJuC-XtwYESOEJ7QtrmqKkRBDjF3CcFjJqt80ZzYT0d-u/.../

https://dw.uptodown.com/dwn/8n5tVq1W3WwW5-CiFl0fp508C7ceTyjx8GdoXB8mRJqKIGoGqa2KXf9ltXSgCFls40omqjRtuMN26bsxMNR1rfIIsm5UOWlDth56OX2x5htGbwjdA6cPVwoKif8SYh5d/laKoxbqsjZfEkik9XIfbMTpEvV69llgUPBMtvxygINXHnC3Ky8n5H7l2J1rZ-W2Db4LqDuGXtHN46GPU7LJladHAzjBYJGAn1c5jKGV8Td9ppNOaNOwnzLT38ZAwnqbX/mE6A2uAVu7FiVtALNreA07qvFw3I3qXUrz1eQ9muHIfndHRObazc8hBH29E8e4c24CgXr29XDxUq62XE5apmrQnRNUaRceQ9xcCaqaHSK10ZAV5dF4pOBBGnLp-Ddshd/.../

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://lb.cdn.m6web.fr/d/c/a/76c4055d2008428dd09b7ead1df7823f/586935fc/soft/.../recuva_1-53_fr_31279.exe

https://dw.uptodown.com/dwn/z-TzU-lI-Xpi5JofYCHaUJ2JLKWN9RTcmxaR5uyMNkjMZfesG_Ha7ZaUB3dmnIOBJibN9Um8RCOsW2HQjOHGoeceXyqOicVHb3XOSFn12XShUav6ZI1hLuCQCbGlzyds/7xolnEnHXMuUmX3V4j2mqIs24UJIVSc0GvsF-C9JZv4hPfirdWkP1Xdv3nZsQJiyovyJeP58ZfRb8iiPd4WL9bJBJzF4xEl_afeHXBbggFICD0dyoAvZo7Ygw-Hk-8tX/5IzpQszqm1eNHaGmd8BZkTY_Z3xioUx1tBPOYjmzUBPdwgpWBtlguF5LTCwoYRaSpuLAnuu8vPvDxQsT64TBRQmSOMFNTds8rdtUqDq4ll3SmUTPy97ObwYPRQVZox32/.../

http://dw.uptodown.com/dwn/ajlyuGn3d300Ry7Nm8p9rT1lF3oooUHR7S96rRB7bLF2fx5zDc4H1_ysXzwnzRtRiHsHO6M_9HH4SR0RX7v5IRKr52_zrVO8PYxT64mi5NSMlLQPHWY6To7q2HqgB2aO/a4_JbArQzYxJgqzGh7I713E2vU64DtD-86k3R872IDR3aGnH2DSKUosOTntVZik3yOOrteSnlcvRFQs_JJsjg2SXM6WYSslYkgX_J3bMLNxVvTSR-LpY9QyjlZEeJEzU/KFjZgNG9eG5FGsHiPy2gqxHGwhjoU_g96IFwsNL0s1KCGdSnrCMhdegCMoD-wRkYWTsQLX_SdkJeWnKzAI5_D05dg2epWHeSmnWIVdaRFMcc8n4WO99-4YOoU58WyHyy/.../

https://dw.uptodown.com/dwn/5R6A0siXCxqjvsIAH9CB4fyDZh_GKei4vOjIXe_DI0XRi0dPiHTBB6OgilaO_kN8aiw_CLzlBE5AbpMZEmofaK86fgCkbqozMNLW3RNoJygIuYQD7Acj6HIoJYdUAKEM/gEzvISNcjUGIVW4qu0C8lE99zAb2unEZKDXdBslM9lgVuKOZCXZNPMq-tcKE1Kl4NnCWTQb4vB9Y0Rg3Y7edrA958-SK4pN3vvMnZTtrMoFF7HICFngUvUkITDyjSZiO/dZhEjssOCWYS8XQgVNkgm26Fj_QBxBJB9ewNqkPi513Ex3Uw1rR1-fdRGElZ3JQaLd3p16r1NTTYQ8gMJo06rj7UQ96e3ZpXKj3pD51h_prMRnybBtIE3xgsgcRCwjTg/.../

https://dw.uptodown.com/dwn/ueE8xtOzohvEDq1OjAvdsC4U6LyaAxPH2DRuc-l8akbNKqvvOBk6uQPNHguhiiWT4e6Dlmba953XepGE2t2-8NnGAXMRoFRObGJVr5NXqD5im-XnSsnsm7Fg0oNMsuAZ/KDG9kBcArjdojQQqEXFWt3gaExAahab2qkoTTCj4ljfWVAldvoXGmDtJEzm4-HoVieZBHPelJ5rLEXELUR6lWHvah6k1qC4WXyzfUll7eHP4GKdfG0x13e9hy2ECxJml/wl3hpoaFTix337thIEF13ynavnnsb6EL-Axot0PQBnPxbl7khpp8LWpwPj_1VbdwZ77hG0e2zipVcKp5Lmvi2fjK9mkZQa5QwXLgjZhMnOHCbToV9MrzuWTenlPVdBTw/.../

https://dw.uptodown.com/dwn/BNiHAP0bzSMPAXAlQOeWOyNBbJitDz3vd9EjLqBs3RnfZbu8P7vbTA7cgAa6M6i7563DWnXwY_TgX2RW68l8POucP127j3CRNo0VGkTv88sFX2sAfVqjX4a77dYxA0z5/tCa4oFjEYpKkYpt5YB0J3XZcYML0PD_BN9rhFax6FcSGMYVZf5d8DN_i206TPf1KL1I2kG2vKGnIgFBMaguxIl3_TXB_oRHX6g913vHzZZjhtoMBxJRhSAjC4h9zwyUh/P9ekj7-khaDqOjOF4NldiFEJ0IvTyDkTSykzSWUngV0pDw9wwECEIW-MM2bk-nC0qn-4czpdMPABSFILJtDYHmdS_iXDQ2nDYciWkCxzs4S_OnGNsjbsG0QoECXngODL/.../

https://dw.uptodown.com/dwn/FPF3sh_iiWw6We3AdFDC-kpV-Y4q9_w8HPSDvW6VvfGz6GJ652QhSzTcUiWxcEVtYmmerliab-qybm6j0QOpcd6CzI_6oj0vjhhRtk0cJbs6Udk6WVFpNo6gLN_aBmP9/SUdQkdcAPpWsifAAPbTgM8CemGPh_DdhqOBz14RhcAYXlz6xDJxhxNGJLYpA2XKLcJHslf6V3C8GbHeOvYpm5OJjMbvOyJ4gOEBur2ii--81VXlKTQXl2tuUIDglae7h/c_1iTUysMxbGUGaq6wKdvzFQoCpYqYZdti_vmJl093h187BvuL8ri6nOPHyl27Zf8z80aUmCcxr6BOkknJNF1eIBIi28HaA8XAVzLeQ-2Tl4GYZ4TiW3SN_c6mGc15H-/.../

http://filehippo.com/download/file/.../

https://secure.giga-downloads.de/dl/.../

http://filehippo.com/download/file/.../

http://ftp-stahuj.centrum.cz/dl/e362432e6ad15d06042dd8fff1344c9d/58a9af1f/stahuj/download/software/secured/r/recuva/.../rcsetup153.exe

http://filehippo.com/es/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

https://dw4.uptodown.com/dwn/3921uR2JFoann3HLq0SymSpMTMjWkN_L7cz4r2QrzbED3CcBr8ODICtNFXIgNv_nvTZvrtjB6abTbd7X0A7b7Sjum6n6cKCqbr8BU3VbeWJ76hwSTGcZ7uLGJV0shgen/RwtaxE2PFJZpJCz0J1c1X6w5c4Lun7SNZl4i2oP_24UWoGsCb7F5kMhQvRSYy3Mfev4qZikzevPVMKDggT1ZwX2jn0xlItl9qEGTVBKpNTIqr1HbM22b5SacQzqipWuS/kajlEkeXn-VxoBegoVhOLe6tBLyrUbVkOMHnLKhYKNv3lGQFrn-JFIttB_1LY0mfEYBea9JkcMC6PUy7be2OBoODcNVp_db8tS5G84gTAIkgnPNCnWtJlPGY6gloA9Zl/.../recuva-1-53-1087.exe

http://dw.uptodown.com/dwn/KRNWQJ1cw4DhXf8BSOgiF6nT7rmbVuBZp7sGUSvljtaq2IOqttX9IXhk6qAoDgZOzLvX4FtgoJ6pFOuYgwuSWNvY0TiiE4QUz0CCwDPcWND9X2SIX2mCYwhFKZ3v84DV/vD-vfx88ukKXgrILN3v-j56egzr9iTeu6fYXlHS3F7_IfuvgWPpHSdNEzywfaV4X5tnYvH-_c6zvPF22XLlIu2JF9yzYA8E-bzoQRhF2-KSKTNgNg_dB7pS50SoeF4gi/.../

http://filehippo.com/download/file/.../

https://dw.uptodown.com/dwn/qer75idafV2lgYF7aUeg7AFNP2Q98HLB7B2fiekxTx4YiwnfYCPFt2O-8K1g0aJXw4AFn-i8iLOZCve_UxqtDnTa8hk1H8BLiCc6KrNPfRQJQ4yW9KUUeTfGfqio1NAW/hAoGFpYe1YUhZINvn-uIHusR1uSTAHqjRI5vfRnEMBaaMsBNiA4rGzxtELXwtnBPjREzhMT70ganPd9Q26Z46Zz4wCyyPMhM_J1H1XhA8TrYJ1xkJbhC2i0x_HdHWrIS/XCwEqY1HsF1iUq1JZ5_PpvcfdMfYCkW5gGoCh3Ib46vQmaarJyDNd-pH_dlAB-MHkwUnmY4uukrTZHw0jLN1tBjyFAzk6BIfVDC_yi8rbDASjbYhlwSRh0dS-9gGtFau/.../

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/es/download/file/.../

http://filehippo.com/es/download/file/.../

http://ftp-stahuj.centrum.cz/dl/f58c9c1c5db6606e3511f4ad624fb907/5892090d/stahuj/download/software/secured/r/recuva/.../rcsetup153.exe

http://lb.cdn.m6web.fr/d/c/a/1e8eb3a25d3183f23a382a376657c8d6/584c2ef9/soft/.../recuva_1-53_fr_31279.exe

Latest 30 of 1,265 download URLs

Scan rcsetup153.exe - Powered by Reason Core Security