home

aktiv-mp3-recorder-setup.exe

Aktiv MP3 Recorder

Prospera Software, Inc.

The application aktiv-mp3-recorder-setup.exe by Prospera Software has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from goforsharing.s3.amazonaws.com.
Publisher:
GoForSharing LLC  (signed by Prospera Software, Inc.)

Product:
Aktiv MP3 Recorder

Version:
4.6.0.0

MD5:
9fe8cd5fb06d9fae1bce60a0d06c1dd3

SHA-1:
824abf23fd9d11b251de97350bfaf62fb49cc3df

SHA-256:
e31529273431657d1ad32e640703d2b38bdf1be8d56574e9afdf25d57d951059

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 10:22:28 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.2964

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Program.Unwanted.538
9.0.1.0279

Malwarebytes
PUP.Optional.AktivMP3
v2015.10.06.02

Reason Heuristics
PUP.ProsperaSoftware.Installer (M)
15.10.6.14

VIPRE Antivirus
ProsperaSoftware
44322

File size:
5.4 MB (5,665,776 bytes)

Copyright:
� GoForSharing LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\aktiv-mp3-recorder-setup.exe

Digital Signature
Signed by:
Prospera Software, Inc.

Authority:
COMODO CA Limited

Valid from:
5/25/2015 2:00:00 AM

Valid to:
5/25/2016 1:59:59 AM

Subject:
CN="Prospera Software, Inc.", O="Prospera Software, Inc.", POBox=30024, STREET=4539 Arbor Crest Place, L=Suwanee, S=Georgia, PostalCode=30024, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
19A1AE80173FC78EF95D67C4BB75F591

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:WrKh83VXkJcHDz0QLlBxJbij9EmxlFezvxYoLxB5YKvf+h/GZ:WGhKxkWkYlbJUUJLBYKvfw/q

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file aktiv-mp3-recorder-setup.exe has been seen being distributed by the following URL.

http://goforsharing.s3.amazonaws.com/aktiv-mp3-recorder-setup.exe

Remove aktiv-mp3-recorder-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.