home

file-repair-setup.exe

KIRILL CHERMENIN

The application file-repair-setup.exe, “File Repair Setup ” by KIRILL CHERMENIN has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program Toolwiz Time Freeze 2014 by ToolWiz. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
File Repair   (signed by KIRILL CHERMENIN)

Product:
File Repair

Description:
File Repair Setup

Version:
2.1

MD5:
9afde9013e6b514a73a386b11bf26652

SHA-1:
9e882ba1fa222850f5a8799d0faed3e8cfcfda9e

SHA-256:
8b4304a608258f636b72def04a5adbb3e0e265bc398b4f066fbcdb0faf42329a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 7:50:10 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy
7.9288

Reason Heuristics
PUP.Installer.KIRILLCHERMENIN.R
14.3.21.14

File size:
1.3 MB (1,319,328 bytes)

Product version:
2.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\file-repair-setup.exe

Digital Signature
Signed by:
KIRILL CHERMENIN

Authority:
The USERTRUST Network

Valid from:
2/16/2011 6:00:00 PM

Valid to:
2/16/2013 5:59:59 PM

Subject:
CN=KIRILL CHERMENIN, O=KIRILL CHERMENIN, STREET=70 Let Oktyabrya 17-50, L=Krasnodar, S=Krasnodarsky kray, PostalCode=350089, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0080C6F0AF784D4CD2CE8A729FD6532512

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0nvnc7dF+QcfqOfxEZxgmHOlK9jRpQxY+8Yo6THQNHMMVyCvnnOJFlhPPjBF+DBy:0vc7kqOfxI6mulKlRpQ98rNHM9Cvohqo

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9877

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file file-repair-setup.exe has been discovered within the following program.

Toolwiz Time Freeze 2014  by ToolWiz
www.Toolwiz.com
About 1% of users remove it
 
Powered by Should I Remove It?

The file file-repair-setup.exe has been seen being distributed by the following 9 URLs.

http://www.tusfiles.net/vga1no578tqf

http://programyzadarmo.net.pl/.../2903

http://download.informer.com/.../file-repair-setup.exe

http://download.informer.com/.../file-repair-setup.exe

http://dl.cdn.chip.de/downloads/.../file-repair-setup.exe

http://file-repair.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPemSpzydROONygDLMhXLMTlkesa85E2lr2EB4Yvr7k9d4S3XgEpB/0tc78ON1dSHCVZxL1UP015gjrhmE/qm2OkxcWr9QUiOLAw3PIJg pR2/.../ETz2Yg=

http://download.informer.com/.../file-repair-setup.exe

http://file-repair1.software.informer.com/.../

http://www.filerepair1.com/.../file-repair-setup.exe

Remove file-repair-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.