freerip_setup.exe

Greentree Applications SRL

The executable freerip_setup.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program FreeRIP 4.0 by GreenTree Applications SRL. The file has been seen being downloaded from software-files-a.cnet.com.
Publisher:
Greentree Applications SRL  (signed and verified)

MD5:
61e5714331f7cc229b5cd1a7ac33d3a7

SHA-1:
1333e8de2707d996b143c1d395feebf295f22bfd

SHA-256:
a6144e4ee8805c1f7f4b48a3665fed22e5b364dfed57a37aff75aee3f9e287ff

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is part of a Greentree bundled installer, which includes various adware, toolbars and co-bundled potentially unwanted apps pushed to the user upon setup.

Analysis date:
4/20/2024 2:26:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.GreentreeApplications.Installer.Meta

Engine version:
15.12.6.8

File size:
2.7 MB (2,811,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\freerip_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/5/2012 8:00:00 PM

Valid to:
6/23/2013 7:59:59 PM

Subject:
CN=Greentree Applications SRL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greentree Applications SRL, L=Bucharest, S=Bucharest, C=RO

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44292664DD6C4B0D023AA98E8ADC6FE1

File PE Metadata
Compilation timestamp:
4/10/2010 8:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:DPvRR45WT89rGDlXacx6xY+zvNMJ5wv6NMMOL7lgOKVB+gzr8aKblJ3CqLp9z52:DPv/45WTcralquN+zlMJ546WXPlg3VB3

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Entropy:
7.9757

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file freerip_setup.exe has been discovered within the following program.

FreeRIP 4.0  by GreenTree Applications SRL
www.freerip.com
40% remove it
 

The file freerip_setup.exe has been seen being distributed by the following URL.

http://software-files-a.cnet.com/s/software/13/03/15/.../FreeRIP_setup.exe
