home

repairmyexcel-setup.exe

GetData Pty Ltd

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from download.eu1.cloud.getdata.com.
Publisher:
GetData Pty Ltd

Description:
Repair and recover Microsoft Excel files

Version:
1.1.0.71

MD5:
684f5d156ad8cac2a337820e989002f7

SHA-1:
26216d0f5cdde85f51d7f98f0d63100c32d5bc79

SHA-256:
940afa4b9b91e41392859c6b11bb5d1c2a2cc4fee10142ccd1be03c16f474b6a

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:22:14 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160216-0

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

File size:
5 MB (5,193,960 bytes)

Copyright:
Copyright © 2006 GetData Pty Ltd

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\repairmyexcel-setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:jzkx70lTkV8WfnDGOFJwk1zCuQi6jyBCX8dbiU7dA4OF9T5VRFv:Pkxqkzvb/zCuQi6zX8RiMULn

Entry address:
0x98D8

Entry point:
B4, 00, 8D, 05, 22, 2E, 6E, 98, FF, C7, 80, EC, 84, 69, E9, 45, E5, 5E, 6E, 80, C1, 1A, EB, 0B, 0F, B7, D7, BE, 2F, 75, 83, 0D, 0F, BF, EF, 01, ED, 8D, 15, 4C, 20, 36, F4, F3, 3B, D8, C6, C4, 30, 0F, AF, EE, FE, CD, 45, F3, FE, C6, BE, 9A, 72, 3A, 1B, 3D, AD, 97, 00, 00, 73, 08, FF, C1, 69, EA, 96, 5F, 92, 8B, F2, 68, E5, 14, 00, 00, 81, F5, DE, 67, CE, 9A, C7, C0, B0, E7, F9, 34, 80, F3, 62, 5F, 8D, 0D, AF, CA, 6E, 91, 81, EF, 80, 09, 00, 00, 24, C3, 3D, 0C, 5B, 1B, 5B, 0F, AF, C2, 15, C7, 5A, BD, 59, C7...
 
[+]

Entropy:
7.9990  (probably packed)

Code size:
36 KB (36,864 bytes)

The file repairmyexcel-setup.exe has been seen being distributed by the following URL.

http://download.eu1.cloud.getdata.com/RepairMyExcel-Setup.exe

Scan repairmyexcel-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.