home

Screenpresso.exe

Screenpresso

Learnpulse

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’. This is installed with Screenpresso. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.6.5.0

MD5:
d69ffadde1bf947edf56655e71236c45

SHA-1:
da7c5acdefab1255ba65bf77588236f7abdd3edc

SHA-256:
132fe877c2f31ba4d9a47fef63ec3e2bcb10649ff79dd147969940192d836462

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 6:19:40 AM UTC  (today)

File size:
11.8 MB (12,391,144 bytes)

Product version:
1.6.5.0

Copyright:
Copyright © Learnpulse 2016

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
4/20/2016 2:00:00 AM

Valid to:
5/7/2018 1:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
667DFE89CA47ADFF057FB913EEF627E4

File PE Metadata
Compilation timestamp:
11/14/2016 9:02:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:tso6hrqUlpBKRswQ8cRbAeYgzFi0FCEUEhu:OBDK7QFRbAeJgP

Entry address:
0xBAAE52

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 43, 18, 2A, 58, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, 94, AE, BA, 00, 94, 90, BA, 00, 52, 53, 44, 53, F2, 8D, 71, B8, E1, DC, 68, 4D, 8C, E7, EF, CA, 43, F1, 5F, 6B, 01, 00, 00, 00, 63, 3A, 5C, 67, 69, 74, 5C, 73, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.7 MB (12,226,560 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file Screenpresso.exe has been discovered within the following program.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following 8 URLs.

http://lb.cdn.m6web.fr/d/c/a/d44d12787ba49bde44c8721c7451ced7/586e718c/soft/.../screenpresso_1-6-5_fr_311538.exe

http://d110.cdn.m6web.fr/soft/.../screenpresso_1-6-5_fr_311538.exe

http://lb.cdn.m6web.fr/d/c/a/f10aa7d9a8f9e2352f505e5af4e3b941/583495ca/soft/.../screenpresso_1-6-5_fr_311538.exe

http://lb.cdn.m6web.fr/d/c/a/52a2efe213d45afb5a7c4c07b7a245e3/583abd9c/soft/.../screenpresso_1-6-5_fr_311538.exe

http://fr.screenpresso.com/.../Screenpresso.exe

http://cdn.screenpresso.com/.../Screenpresso.exe

http://screenpresso.com/.../Screenpresso.exe

http://www.screenpresso.com/.../Screenpresso.exe

Scan Screenpresso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.