setup_filerecovery.exe

Toolwiz File Recovery FREE

XII CNC Inc.

The program is a setup application that uses the Inno Setup installer. This file is installed with multiple programs including Toolwiz Time Freeze 2015 and Toolwiz BSafe. The file has been seen being downloaded from www.programosy.pl and multiple other hosts.
Publisher:
Toolwiz   (signed by XII CNC Inc.)

Product:
Toolwiz File Recovery FREE

Description:
Toolwiz File Recovery FREE Setup

Version:
1.3.0.0

MD5:
90adbc349ae39dd6440bc64e25076821

SHA-1:
77813dc419df76f34edb03c96455c57216aa9c51

SHA-256:
a095ac278d3d9cceb52e63c25abd3b3c1de6c8825e6f4dabdfa3bbec4b389e01

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 6:44:48 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Autoit
2.1.4+

File size:
765.3 KB (783,696 bytes)

Product version:
1.3.0.0

Copyright:
Copyright © 2011-2012 Toolwiz

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_filerecovery.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/31/2011 5:00:00 PM

Valid to:
8/30/2012 4:59:59 PM

Subject:
CN=XII CNC Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang, S=Kyunggi, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B01A485CA0C94226AA153DE1A468248

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:0203NqkUPZm2FQ8u2ZaprVHdUoPqvucIjS0BF7MKTH8ntfumZizbcjWci2w5wrvi:020d5wm2FQ8u7jqNIjv7MKTH8ttZGAjM

Entry address:
0x9B60

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 66, 95, FF, FF, E8, 6D, A7, FF, FF, E8, 98, C9, FF, FF, E8, DF, C9, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 17, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, E0, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C8, CF, FF, FF, 8B, 55, F0, B8, F0, CD, 40, 00, E8, 17, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, F0, CD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9698

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup_filerecovery.exe has been discovered within the following programs.

Toolwiz BSafe  by ToolWiz
www.Toolwiz.com
About 9% of users remove it
About 1% of users remove it
About 5% of users remove it
 
Powered by Should I Remove It?

The file setup_filerecovery.exe has been seen being distributed by the following 3 URLs.

Scan setup_filerecovery.exe - Powered by Reason Core Security