home

file-repair-setup.exe

Kirill Chermenin

The application file-repair-setup.exe, “File Repair Setup ” by Kirill Chermenin has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.filerepair1.com.
Publisher:
File Repair   (signed by Kirill Chermenin)

Product:
File Repair

Description:
File Repair Setup

Version:
2.1

MD5:
8a6272e4fe3f1886422ca991b7b7792d

SHA-1:
73a90e865ff1fe315d52363ade5e2b8de6f7d5ee

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/20/2024 3:34:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.KirillCh.Installer (M)
16.6.18.18

File size:
1.3 MB (1,410,516 bytes)

Product version:
2.1

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\documents and settings\utilisateur\mes documents\downloads\file-repair-setup.exe

Digital Signature
Signed by:
Kirill Chermenin

Authority:
StartCom Ltd.

Valid from:
2/16/2016 4:31:22 PM

Valid to:
2/16/2018 4:31:22 PM

Subject:
CN=Kirill Chermenin, O=Kirill Chermenin, L=Krasnodar, S=Krasnodar Krai, C=RU

Issuer:
CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL

Serial number:
6F0B658F0C30083E05B4646D6BE99928

File PE Metadata
Compilation timestamp:
1/15/2016 9:22:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:BxGWlzpKG3nbHgYBEW4k31wRK2TbwwXrMY1zmfslffU+kJg13XttWm3:6azn3bAiEWzFwKQbJXwumfslpVt3

Entry address:
0x28000

Entry point:
90, BB, 67, D3, 2C, 00, 90, 68, 1A, 80, 42, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, 31, 1C, 3A, 83, EA, 03, 4A, 75, F7, 90, 8F, AE, 2D, 00, 67, D3, 2C, 00, 67, D3, 6C, 00, DB, C0, 2D, 00, C7, 1D, 3E, 00, B3, 06, 3E, 00, 67, 63, 2E, 00, 98, 2C, D3, FF, 57, 40, 6D, 00, 81, 46, 6D, 00, 97, 46, 6D, 00, 43, C2, 2D, 00, 83, 46, 2D, 00, 89, 46, 2D, 00, 57, C0, 2D, 00, 83, 46, 2D, 00, 89, 46, 2D, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3, 2C, 00, 67, D3...
 
[+]

Code size:
63.5 KB (65,024 bytes)

The file file-repair-setup.exe has been seen being distributed by the following URL.

http://www.filerepair1.com/.../file-repair-setup.exe

Remove file-repair-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.