» dcrypt_setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (3)

dcrypt_setup.exe

DiskCryptor

ReactOS Foundation

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from diskcryptor.net and multiple other hosts.

File name:

dcrypt_setup.exe

Publisher:

http://diskcryptor.net/ (signed by ReactOS Foundation)

Product:

DiskCryptor

Description:

DiskCryptor Setup

Version:

1.0.802.118

MD5:

d614cba905064c7f3f5bde58fc92994a

SHA-1:

4593a89da881b909c7146a6b8ceb883a0fa750a9

SHA-256:

fd7b516ce247cf201b33411b16ac1c219287141eff4be54ab462c14b9a3091f2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:44:52 PM UTC (today)

File size:

980.4 KB (1,003,904 bytes)

Product version:

1.0

ntldr <ntldr@diskcryptor.net>

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\dcrypt_setup.exe

Digital Signature

Signed by:

ReactOS Foundation

Authority:

VeriSign, Inc.

Valid from:

11/22/2013 1:00:00 AM

Valid to:

12/4/2015 12:59:59 AM

Subject:

CN=ReactOS Foundation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ReactOS Foundation, L=Moscow, S=Russia, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0B9E9ED13253182A960781904367CC0F

File PE Metadata

Compilation timestamp:

3/17/2011 11:22:54 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:JMjhV8lesViv+gnEKmmCoypWPaGabfe/7mn/lJtEhNdoUU:AolzViGgXnQBbfhKNe

Entry address:

0x16478

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

84 KB (86,016 bytes)

The file dcrypt_setup.exe has been discovered within the following program.

360Amigo System Speedup Free by 360Amigo

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

www.360amigo.com

53% remove it

The file dcrypt_setup.exe has been seen being distributed by the following 3 URLs.

https://diskcryptor.net/storage/dcrypt/.../dcrypt_setup.exe

http://dl.cdn.chip.de/downloads/.../dcrypt_v1-0-802-118_setup.exe

http://diskcryptor.net/storage/dcrypt/.../dcrypt_setup.exe

Scan dcrypt_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.