home

drpu_greeting_card_maker_software.exe

DRPU Greeting Card Maker Software

DRPU Software Private Limited

The application drpu_greeting_card_maker_software.exe, “DRPU Greeting Card Maker Software Setup ” by DRPU Software Private Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from secure.avangate.com.
Publisher:
DRPU Softwares Pvt. Ltd.   (signed by DRPU Software Private Limited)

Product:
DRPU Greeting Card Maker Software

Description:
DRPU Greeting Card Maker Software Setup

Version:
8.3.0.1

MD5:
5562c6457e97f1555f13cc8ce82d5091

SHA-1:
1efb4f7e49d1205e0b9aed7e22bbb0ecba17dd4d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/16/2024 10:31:33 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.CSH (L)
17.2.9.16

File size:
5.4 MB (5,705,304 bytes)

Product version:
8.3.0.1

Copyright:
Copyright© 2007-2013

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\drpu_greeting_card_maker_software.exe

Digital Signature
Signed by:
DRPU Software Private Limited

Authority:
The USERTRUST Network

Valid from:
9/7/2010 8:00:00 PM

Valid to:
9/7/2013 7:59:59 PM

Subject:
CN=DRPU Software Private Limited, OU=Software Development, O=DRPU Software Private Limited, STREET=J-80 Patel Nagar - 1, L=Ghaziabad, S=UP, PostalCode=201001, C=IN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
008DCDF20944D85EEBBD5FFE8E4D159B97

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9991

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file drpu_greeting_card_maker_software.exe has been seen being distributed by the following URL.

https://secure.avangate.com/order/.../F5bQ==

Remove drpu_greeting_card_maker_software.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.