home

tmp-12040-0170.exe

Copernic Desktop Search

Copernic Inc.

This is a setup and installation application. The file has been seen being downloaded from download.copernic.com and multiple other hosts.
Publisher:
Copernic, a division of N. Harris Computer Systems  (signed by Copernic Inc.)

Product:
Copernic Desktop Search

Description:
Copernic Desktop Search Installer

Version:
5.1.0.8331

MD5:
60fabb4ec8b1070fc5ff73e2142d8401

SHA-1:
03f7057a39e2ffa5a54dab8606ade357631422aa

SHA-256:
f46c25ee17f1155eacca2b09d30fe9198823b13d0eb97de1e2ca643254da6bb7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:53:50 AM UTC  (today)

File size:
22 MB (23,061,264 bytes)

Product version:
5.1.0.8331

Copyright:
Copyright © 2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\desktopsearch\temp\tmp-12040-0170.exe

Digital Signature
Signed by:
Copernic Inc.

Authority:
Thawte, Inc.

Valid from:
7/21/2014 5:00:00 PM

Valid to:
7/25/2016 4:59:59 PM

Subject:
CN=Copernic Inc., O=Copernic Inc., L=Québec, S=Québec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
10764997B604190B9546EAC49290A3CE

File PE Metadata
Compilation timestamp:
8/13/2015 4:37:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:vRpYiZ4TZptMopBc6sjSX8K5teqHkw7bwnGTsuiQqGGeZex:vRmbTZLMMBc6/Xx5xHkGbrTsuTqGGeMx

Entry address:
0x120B9B

Entry point:
E8, 71, 89, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, B0, 5B, 5A, 00, 75, 02, F3, C3, E9, 2C, 4A, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 69, 00, 00, 00, C7, 06, 9C, A8, 57, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 0D, 00, 00, 00, C7, 06, 9C, A8, 57, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 7C, A8, 57, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 7C, A8, 57...
 
[+]

Entropy:
7.8373  (probably packed)

Code size:
1.3 MB (1,371,648 bytes)

The file tmp-12040-0170.exe has been seen being distributed by the following 8 URLs.

http://download.copernic.com/.../copernicdesktopsearch.exe

http://copernic-desktop-search.softonic.it/download-tracker?th=1/.../aj2yOxQH1VxLFvMoKjeHibFWp0DCvj2TuYYpEb3zJUipKYOKgcDDIyFTJeZO8vf3nv3Q1GJ2uAYfffW3RAdyvg=

https://secure.avangate.com/order/.../FpbQ==

http://copernic-desktop-search.it.softonic.com/download-tracker?th=1/.../aj2yOxQH1VxLFvMoKjeHibFWp0DCvj2TuYYpEb3zJUipKYOKgcDDIyFTJeZO8vf3nv3Q1GJ2uAYfffW3RAdyvg=

http://lb.cdn.m6web.fr/d/c/a/1478fa4c0f796ad6fa03d12adf251a83/56a2d6ba/soft/.../copernic-desktop-search-free_5-0-1_fr_12907.exe

https://secure.avangate.com/order/.../CPbQ==

http://go.copernic.com/?dest=cds5liteinstaller

http://go.copernic.com/?dest=cds5installer

Scan tmp-12040-0170.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.