home

Screenpresso.exe

Screenpresso

Learnpulse

This is installed with Screenpresso. The file has been seen being downloaded from gateway.zscalertwo.net and multiple other hosts.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.6.4.0

MD5:
50f3c858d11a8d95e3213d66d4271dcd

SHA-1:
200d3b164b256536fdf0ea52f2d3977183cf5795

SHA-256:
00b6dfbc2c0b77de58056aabfc0b963aa6eec81396f260c477e3b9fcf91413ea

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 5:55:13 PM UTC  (today)

File size:
11.8 MB (12,370,664 bytes)

Product version:
1.6.4.0

Copyright:
Copyright © Learnpulse 2016

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\screenpresso.exe

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
4/20/2016 3:00:00 AM

Valid to:
5/7/2018 2:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
667DFE89CA47ADFF057FB913EEF627E4

File PE Metadata
Compilation timestamp:
6/17/2016 12:13:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:6E/ZsFdlittgAOo9KRswp8cRbAeYgzFi0FCEUkQh9:NZsXSOQK7pFRbAeJgF

Entry address:
0xBA5EDA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 43, BF, 63, 57, 00, 00, 00, 00, 02, 00, 00, 00, 60, 00, 00, 00, 1C, 5F, BA, 00, 1C, 41, BA, 00, 52, 53, 44, 53, CD, BD, 1E, 29, 82, 86, EE, 41, 95, E7, 56, 9F, 67, A6, 18, A4, 01, 00, 00, 00, 63, 3A, 5C, 50, 65, 72, 73, 6F, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F...
 
[+]

Entropy:
7.0561

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.6 MB (12,206,080 bytes)

The file Screenpresso.exe has been discovered within the following program.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following 6 URLs.

https://gateway.zscalertwo.net/auD?origurl=http://www.screenpresso.com/.../Screenpresso.exe

http://software.thaiware.com/download_url.php?id=13245

http://cdn.screenpresso.com/.../Screenpresso.exe

http://fr.screenpresso.com/.../Screenpresso.exe

http://www.screenpresso.com/.../Screenpresso.exe

http://screenpresso.com/.../Screenpresso.exe

Scan Screenpresso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.