» colorefexpro4-pl-ver4.002all.exe
Overview
Analysis
File Details
Downloads (10)

colorefexpro4-pl-ver4.002all.exe

Nik Software, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

Nik Software, Inc. (signed and verified)

MD5:

6436379bab3f9568d463fae6b2bed26c

SHA-1:

a9282b02e2cfcd9b791ed0b958fd9d3f364b7cd2

SHA-256:

aaf2e6c6ec232baa2fa41a04182e5eda8acb322a7084ba0fde758b60cf88519b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/3/2024 2:00:42 PM UTC (today)

File size:

37.7 MB (39,519,104 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\colorefexpro4-pl-ver4.002all.exe

Digital Signature

Signed by:

Nik Software, Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

2/25/2010 1:00:00 AM

Valid to:

3/27/2012 1:59:59 AM

Subject:

CN="Nik Software, Inc.", O="Nik Software, Inc.", L=San Diego, S=California, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

2F2CE8C1EFE6FCA2BFDAEA44220C7708

File PE Metadata

Compilation timestamp:

9/26/2011 3:21:33 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

786432:r0joebOhB7WY6+BJYPROSsRm2MdPz87P38wzcSenQ/Ha1KG9o3XoC:r0jzbOhB7u+BJYPR5sm2MdPIr3PzcRnm

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Code size:

28 KB (28,672 bytes)

The file colorefexpro4-pl-ver4.002all.exe has been seen being distributed by the following 10 URLs.

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1479285960&Signature=i0uMPMpg5hQErdMyok44Nu0fIqHQuY7zpwv0A1vOTv9AgL7xvxzWzPl~Ey-~kp79D6IEb5HFHK1Zc8Z2V~YaUKReMZM~CaMjHpTpdemborKgn9BLPTVBm3zGzREI0Rf0Tr~5S99Eof5YKiW0kMBBQcKGPEucxt8CRKzDY1jkgFo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1462964028&Signature=SOwNIZ8taAYN1jA2Z~wvlK6xOhZT7D9gCeDcvV4EJGXys2LwJqm4qLxwvAT01Vj8o9vIulAgj0lG~9EL6uJJ2QScQay~uc1HrJGHUwDi~GyIyeJnWK8EuGnW3wiOfDQZlQd471YrMTcK78ipqQadtjgc2ZE690FLvJPP8YgE5hQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1475864794&Signature=JtIGt7YXS-KUjyyFoIsZBdDcye86cRP1CekRsZ3n7ITQmhcdHgZcNepY-SnzrnA2pI2TMIyDLCKSUHMzxwWa~3J6dVdybj6l7eTwo7gbyJKUGq2aNBms~Fs2BOiPJrXtMUGrCinX27nY1xmiPHp43vMj0-39XfJiQTiwt-GVtno_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1464605011&Signature=UgZ5Szm6l6jd18mOPzvllXuQGzNX7q23svZhd1Zd69CnFVk1srVvEcK-VU5QVHvAWNWEocglryikN6pxhFTbEKhBSNpyAQD9XiChOh4KoFUTkGGU4iNN1B256fZyCzTfIBkv5Tl9wPRQMHIhrrXAzO2kiyhJKQvZxXEqIhGy62k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1465545479&Signature=I-RZLfnNaues2XUPSUo7Db46hBNGAjPCttn8AkjOslPC~o1vCeWofqIElT7KTO2HfOH2ROOyuSnRu4jGXHJUMx6ix3CnQSmpGqV~sHe8yxVoA4eKKirt6q4koYmzfyzkqszZkbuAK6Q6kFT~Ddwf~if5w2btTX0k8po59mJKlZk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1446875460&Signature=UvM7RvGxeX2QAuuTzmVhvruL7tgYitdQo85mIt30FDg346h8V64OY1dRZH66dY02qU0AvcVIS3HI76XFONZv3QAgTcSwBpXYoom31gBFLQt5246uiAd5lfiR0bTs4JytF0TuNqeaohvBSZFvAXGikjCvP8YDjTiacJzCjoTu-cA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1460361775&Signature=IDFNKPkFy71IuurSyvB5cwDaNt3VQAPQJ0N2w8jknZQhQDwUSdkrXfl8OY8cnwvAp3pzdJvsJT5sgXfJ5u0QuHN7FpPNbxqLLNsrkFVi3YoAPY5yXtLBKgtTEYu0GP4bs~753YyPtkclpkMVFLxitegza~Wf5CcGzx1z-N-AMw8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://gsf-cf.softonic.com/a92/82b/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3336740&instance=softonic_pl&type=PROGRAM&Expires=1457261898&Signature=UelpOFzZD0Gl-ZYwAgQNJnkB-3bNbs1eLDz4DEze-eu7aYx5FQeqO-9aJy5bccoQ5vfUiY9orU5chJkBYAq0VkXh2rEGmQFRMexbXlWi2P1LYHc4QuWKhTuKx9Gk1kk46HuNhb5X55aH~iNrMDmvkueLDAZvjZ~fS1ZHuuLLHE8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ColorEfexPro4-pl-ver4.002all.exe

http://eu.download.niksoftware.com/.../ColorEfexPro4-pl-ver4.002all.exe

http://cdn.wacom.com/s/win/.../colorefexpro4.exe

Scan colorefexpro4-pl-ver4.002all.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.