home

screenpresso151.exe

Screenpresso

Learnpulse

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’. This is installed with Screenpresso. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.5.1.0

MD5:
53927edb7d54cb243a69c9ae20b47430

SHA-1:
d1a252fef98917b41a59bcadc31e15c7563464bf

SHA-256:
f38b7d3493d015b2c8fe3f810fb950004b1435c86a550e8c02111be86e5a56ae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 5:55:29 PM UTC  (today)

File size:
9.8 MB (10,297,360 bytes)

Product version:
1.5.1.0

Copyright:
Copyright © Learnpulse 2014

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
2/23/2014 1:00:00 AM

Valid to:
5/7/2016 1:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48A4512F54830AEE8CD60DC465C14A14

File PE Metadata
Compilation timestamp:
5/18/2014 9:17:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:tgqO3l/MAswDPNL55aixXn28/PdiCe2wRuSCPaCX:0lEuDPZDZ283diCvw0Sm

Entry address:
0x9ADA62

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 07, 79, 53, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, A4, DA, 9A, 00, A4, BC, 9A, 00, 52, 53, 44, 53, 9C, CC, 1D, 10, DD, 20, AC, 49, 9E, AA, F1, 71, 4C, A3, CF, 4F, 01, 00, 00, 00, 63, 3A, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9.7 MB (10,140,672 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file screenpresso151.exe has been discovered within the following programs.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file screenpresso151.exe has been seen being distributed by the following 7 URLs.

http://software-files-a.cnet.com/s/software/13/79/96/.../Screenpresso.exe

http://www.downloadcrew.com/?act=software.download&id=20630&t=1410638617&c=6dda33d579442e385e134d431c3f53ff98170144

&onid=2192&oid=3001-2192_4-75156835&rsid=cbsidownloadcomsite&sl=en&sc=us&pdguid=download:13799659&topicguid=digitalphoto/photo-editors&topicbrcrm=windows software&pid=13799659&mfgid=10086386&merid=10086386&ctype=dm&cval=NONE&devicetype=desktop&pguid=39a95cfcb2868908e4fde2cb&viewguid=QZ0XOHMtH0TJn0DnFOgs655pl-ksoceJJHcm&destUrl=http://software-files-a.cnet.com/s/software/13/79/96/.../Screenpresso.exe

http://fr.screenpresso.com/.../Screenpresso.exe

http://screenpresso.com/.../Screenpresso.exe

http://www.screenpresso.com/.../Screenpresso.exe

http://dl.cdn.chip.de/downloads/.../Screenpresso151.exe

Scan screenpresso151.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.