home

partrecovery.exe

Active@ Partition Recovery for Windows

LSoft Technologies Inc

This is a setup program which is used to install the application. This file is installed with multiple programs including Active@ Partition Recovery 6 Professional and Active@ Partition Recovery. The file has been seen being downloaded from download2.lsoft.net.
Publisher:
LSoft Technologies Inc.  (signed by LSoft Technologies Inc)

Product:
Active@ Partition Recovery for Windows

Description:
Data Recovery Software for restoring deleted or damaged volumes

Version:
6, 0, 0, 1

MD5:
5ccc541aa98a6c58add2847048211465

SHA-1:
373b6c04df339a4497809c84b5a91ba8423b26eb

SHA-256:
1920a6f2793fad65380458689a178412412d54b1fd887103108c51e9817878f1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 4:47:41 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.Armadillo
0.98/18155

File size:
1.3 MB (1,390,024 bytes)

Product version:
6, 0, 0, 1

Copyright:
(c) 1998-2011 Active Data Recovery Software

Trademarks:
Active Data Recovery Software is a registered business name of LSoft Technologies Inc

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lsoft technologies\active@ partition recovery\partrecovery.exe

Digital Signature
Signed by:
LSoft Technologies Inc

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/21/2009 8:00:00 PM

Valid to:
6/3/2011 7:59:59 PM

Subject:
CN=LSoft Technologies Inc, OU=ACTIVE DATA RECOVERY SOFTWARE, O=LSoft Technologies Inc, L=Mississauga, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5E88540928B76B0B3EEA6B70D3662CC9

File PE Metadata
Compilation timestamp:
4/5/2011 4:53:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
24576:vDj7UAAQjmbZJS7kF6lDJqLGT4RSsw0tZPrmqt/ZH5Uzu8P6dx6Z3CE:bjKQM47kQlDJqDvtZzT/F5Uzu8PD3CE

Entry address:
0x10D000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB...
 
[+]

Entropy:
7.8124

Packer / compiler:
ASPack v1.08.04

Code size:
316 KB (323,584 bytes)

The file partrecovery.exe has been discovered within the following programs.

Active@ Partition Recovery  by LSoft Technologies Inc
www.partition-recovery.com
About 2% of users remove it
Active@ Partition Recovery 6 Professional  by LSoft Technologies Inc
About 1% of users remove it
 
Powered by Should I Remove It?

The file partrecovery.exe has been seen being distributed by the following URL.

http://download2.lsoft.net/PartRecovery.exe

Scan partrecovery.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.