screenpressoupd.exe

Screenpresso

Learnpulse

screenpressoupd.exe is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Screenpresso’. It is installed with Screenpresso. The file has been seen being downloaded from www.screenpresso.com.
Publisher:
Learnpulse (signed and verified)

Product:
Screenpresso

Version:
1.6.5.0

MD5:
671b9172612984a242d51278e14e8bdb

SHA-1:
b61e2acd824e9015448baab3fb4f3098d8d398e5

SHA-256:
eadd3db651a016208bd06ea1cc275bb39cb80a3e910b1884fc4ef060e7b41e5f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 6:28:45 AM UTC  (today)

File size:
11.8 MB (12,389,608 bytes)

Product version:
1.6.5.0

Copyright:
Copyright © Learnpulse 2016

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\screenpressoupd.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/20/2016 5:30:00 AM

Valid to:
5/7/2018 5:29:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
667DFE89CA47ADFF057FB913EEF627E4

File PE Metadata
Compilation timestamp:
11/14/2016 3:51:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:pH9RVFRHel/oOvRswo8cRbAeYgzFi0FCEURUh9:p70/Dv7oFRbAeJgRi

Entry address:
0xBAA7C6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 90, 29, 58, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, 08, A8, BA, 00, 08, 8A, BA, 00, 52, 53, 44, 53, 0F, AA, B8, 14, 2E, E3, 75, 45, A2, 27, DE, 1A, 04, 0F, E2, 62, 01, 00, 00, 00, 63, 3A, 5C, 67, 69, 74, 5C, 73, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F...
 

Entropy:
7.0616

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.7 MB (12,225,024 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file screenpressoupd.exe has been discovered within the following program.

Screenpresso by LearnPulse
www.screenpresso.com
About 8% of users remove it
 

The file screenpressoupd.exe has been seen being distributed by the following URL.

http://www.screenpresso.com/.../Screenpresso.exe
