rs-repair-ppt.exe

Remo Repair PowerPoint

Remo Software

The application rs-repair-ppt.exe, “Remo Repair PowerPoint Setup ” by Remo Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from gsf-cf.softonic.com.
Publisher:
Remo Software  (signed and verified)

Product:
Remo Repair PowerPoint

Description:
Remo Repair PowerPoint Setup

Version:
2.0.0.17

MD5:
7dda80b758fa03867c40e1a5e103b882

SHA-1:
42d23d2104ebf0f5940bfc8f49cfdecff79d4c15

SHA-256:
d34b26226ed75d0ed6d0df8fd017f2530d1f5c53994b6489afbb8fc4f862af5f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 12:20:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.CSH (L)
16.12.7.10

File size:
7.9 MB (8,321,960 bytes)

Product version:
2.0.0.17

Copyright:
Copyright © Remo Software, All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rs-repair-ppt.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
1/16/2011 4:00:00 PM

Valid to:
1/16/2014 3:59:59 PM

Subject:
CN=Remo Software, O=Remo Software, STREET=18/10 3rd Floor Saleh Center, STREET=Cunningham Road, L=Bangalore, S=Karnataka, PostalCode=560052, C=IN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A31521595BE443AD7CC930DAB868D516

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9479

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file rs-repair-ppt.exe has been seen being distributed by the following URL.

http://gsf-cf.softonic.com/b4c/c60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69669646&instance=softonic_en&type=PROGRAM&Expires=1472310051&Signature=DfqrA4Ki6Xcb0NyiJPkBy0TX-SHz8ei~PUS5aG0ayKVx0HZRdnhnlSxBrXi2QIvY7bb026VBr5eqQHdlMDaMW8uAfKOpD~Y6emq0AA5YHqbz0-d880AZTCf9pBL0-q4l1U6FvfULuOLEvGRjDFvFr3ortGTv6Njt3~SXt3SZsqM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rs-repair-ppt.exe

Remove rs-repair-ppt.exe - Powered by Reason Core Security