Screenpresso.exe

Screenpresso

Learnpulse

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’. This is installed with Screenpresso. The file has been seen being downloaded from www.computers-bg.net and multiple other hosts.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.4.3.0

MD5:
fd9124fce65c6741f23bc5b31492e2e3

SHA-1:
d0b5433ee8b4703d128e213b836895ec521452a6

SHA-256:
9484768477000da89b31af05399bb74b3d0e7e7cbe813e092ea08b8d4bca8b4e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:09:28 PM UTC  (today)

File size:
8.2 MB (8,646,160 bytes)

Product version:
1.4.3.0

Copyright:
Copyright © Learnpulse 2013

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/7/2012 2:00:00 AM

Valid to:
5/8/2014 1:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0CF0EE663ED93624F258037598D19C9A

File PE Metadata
Compilation timestamp:
9/29/2013 11:42:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:et+53QBJA7dK+AXjOYgtwb3R+osxjww6ond9YKlL2+MyYUCRqShpcGHHtF:etnDXjDsw2PdiCdMHLhqG/

Entry address:
0x83868E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AA, 9E, 48, 52, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, D0, 86, 83, 00, D0, 68, 83, 00, 52, 53, 44, 53, 1C, 72, 15, 45, 15, E3, F1, 4E, B3, AC, 9E, B1, 10, 64, C0, A7, 01, 00, 00, 00, 63, 3A, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8.2 MB (8,611,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\Documents and Settings\{user}\Application data\learnpulse\screenpresso\screenpresso.exe" -startup


The file Screenpresso.exe has been discovered within the following program.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following 2 URLs.

Scan Screenpresso.exe - Powered by Reason Core Security