recuva_v1.50.1036.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.recuva.fr and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Recuva

Description:
Recuva Installer

Version:
1.0.0.0

MD5:
8b42651af8fffc80b4ac929ada1d8beb

SHA-1:
107c5841249c0ad2ef50f5ca4dc6331b37497836

SHA-256:
46952bd05130f6da17e934f4896950929291c5068e6bf641dacb52f4cacac1c1

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/23/2024 1:35:16 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Bundled.Toolbar.Google | 8.9336
Trend Micro House Call | TROJ_GEN.F47V0120 | 7.2.25

File size:
3.9 MB (4,092,088 bytes)

Copyright:
Copyright © 2006-2014 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\recuva_v1.50.1036.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/25/2013 4:00:00 AM

Valid to:
9/25/2015 3:59:59 AM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
785AF6D521F67E132D53385742CE9B35

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:WsMAa5rPTP+CuQpgQ0yesdA4soqPfciQCqV0Z4/7G:WsUT4yFrlqPVK0MC

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file recuva_v1.50.1036.exe has been discovered within the following programs.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
 
Powered by Should I Remove It?

The file recuva_v1.50.1036.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 292 download URLs
