onlinerecovery.exe

The executable onlinerecovery.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.transcend-info.com.
MD5:
83eabd89cdd24415e3affc6bf2b8e87f

SHA-1:
d1f280b79367a454a97dc54f19be201f30e3e1ec

SHA-256:
433cb0c437fcf24e694a345567d5ba6a5e345665555c206117229458ff4e8b94

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/19/2024 10:15:15 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160518-2
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.E.gen | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.96
Microsoft Security Essentials | Threat.Undefined | 1.223.2949.0

File size:
1.4 MB (1,463,063 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\onlinerecovery.exe

File PE Metadata
Compilation timestamp:
5/30/2008 9:41:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:fWz0AFNfpSkgP+hOtGFD4MFGufONc4io68dwFOQHDvEh:fWzHFNfpSkc/GFDLFPf2cdTkoEh

Entry address:
0x1000

Entry point:
0F, BF, DD, 68, 87, 4A, 2B, 00, 68, 1F, BB, 10, 00, EB, 0B, 33, C8, C6, C6, 06, C7, C1, 4D, A6, 78, 57, FE, C5, 0F, AF, DD, 69, D2, 26, D8, 0D, 38, FE, C1, C7, C7, A3, 65, 7F, D4, 3B, F7, 0F, BF, CE, 0F, AF, C6, B1, A4, B5, 58, 49, 40, 48, C6, C7, D6, F7, C7, F8, 41, CD, 2C, E8, 00, 00, 00, 00, 5A, 89, DB, 3C, 6B, B5, 5D, 69, C0, C8, 5B, F5, 50, 10, E9, B9, 34, 2E, 50, D6, 15, A7, B3, E4, 6B, 86, D9, 85, CE, 2A, C7, 3B, EB, 3C, 79, 84, C9, 39, DE, 29, C6, 69, C8, 50, E0, FD, 99, 4F, 56, FF, C6, 74, 03, 0F...

Entropy:
7.9220  (probably packed)

Code size:
80 KB (81,920 bytes)

The file onlinerecovery.exe has been seen being distributed by the following URL.
