home

Screenpresso.exe

Screenpresso

Learnpulse

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.4.1.0

MD5:
8d8dac2e5da194b1bea92d493b48b160

SHA-1:
91b7dc0a5791f92e272807d93d50934abce77719

SHA-256:
267cdfd908da487d471004c98d92706f4303fdac90d572282d29eb43cf27cc6c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 5:09:08 PM UTC  (today)

File size:
10.4 MB (10,879,504 bytes)

Product version:
1.4.1.0

Copyright:
Copyright © Learnpulse 2013

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
5/7/2012 7:00:00 AM

Valid to:
5/8/2014 6:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0CF0EE663ED93624F258037598D19C9A

File PE Metadata
Compilation timestamp:
8/6/2013 2:58:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:HxqIzlua8qHQEQ64aNESSHj2dh+BsUzBvdUCy87jj1bRcavRpakWpGizITs5:gyWjjLca/iQizx5

Entry address:
0xA59A4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9D, AC, 00, 52, 00, 00, 00, 00, 02, 00, 00, 00, 54, 00, 00, 00, 90, 9A, A5, 00, 90, 7C, A5, 00, 52, 53, 44, 53, 4F, FA, 34, 8B, C9, DF, A6, 4D, 84, DC, 8C, 8D, 8B, A6, B3, 1D, 01, 00, 00, 00, 63, 3A, 5C, 6C, 65, 61, 72, 6E, 70, 75, 6C, 73, 65, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F, 62, 6A, 5C, 52, 65, 6C...
 
[+]

Entropy:
6.3267

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
10.3 MB (10,845,184 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


Scan Screenpresso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.