Screenpresso.exe

Screenpresso

Learnpulse

Screenpresso.exe is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Screenpresso’. It is installed with Screenpresso. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
Publisher:
Learnpulse (signed and verified)

Product:
Screenpresso

Version:
1.5.6.0

MD5:
2f088741eb6f6a35b1c0b662c63a1b0d

SHA-1:
db2c9dd6062b73fb72a1d79ecf6e9bd4f2faaaad

SHA-256:
1bb2b5c577479db7ca6aff9ec7df40ac77551cb84727d7ea55b7fba063432206

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 1:32:02 AM UTC  (today)

File size:
11.4 MB (11,928,080 bytes)

Product version:
1.5.6.0

Copyright:
Copyright © Learnpulse 2015

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2014 11:00:00 AM

Valid to:
5/7/2016 9:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48A4512F54830AEE8CD60DC465C14A14

File PE Metadata
Compilation timestamp:
7/7/2015 5:01:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:9EkutRdIh/MCb8swP8cRbAeYgzFi0FJvhV:YRmh/hCPFRbAeJT

Entry address:
0xB3BC3A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1A, 79, 9B, 55, 00, 00, 00, 00, 02, 00, 00, 00, 60, 00, 00, 00, 7C, BC, B3, 00, 7C, 9E, B3, 00, 52, 53, 44, 53, 8A, FA, 8B, D2, 4D, 39, 1F, 43, 82, 92, F4, 9E, DE, 4E, 71, C4, 01, 00, 00, 00, 63, 3A, 5C, 50, 65, 72, 73, 6F, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F...
 

Entropy:
7.0657

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.2 MB (11,771,392 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file Screenpresso.exe has been discovered within the following program.

Screenpresso by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following 4 URLs.

http://files.downloadnow.com/s/software/14/41/52/.../Screenpresso.exe

http://telechargement1.pcastuces.com/temp6bs2/.../Screenpresso.exe
