home

peditorinst.exe

Photo! Editor

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from photo-editor.en.softonic.com.
Product:
Photo! Editor

Description:
Photo! Editor Setup

Version:
1.1.0.0

MD5:
bca282f42a298570c8f3dc760ad2ecaa

SHA-1:
0bc9ebb318d10d26b0a9b1a04bad11109ae4db9b

SHA-256:
1c866312cdd4ec6b3bbcb52320e3d518272d5274f48b69ca5e5b71240ab74b61

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 12:38:09 PM UTC  (today)

File size:
7.9 MB (8,235,085 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\peditorinst.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:SpSbtcYtpq+qBDEx5CMop0pPAzcF6zS9:SpOtHqBDEaMHBA46z

Entry address:
0x9A58

Entry point:
88, DD, 0F, AF, C0, 8D, 3D, 6B, D2, 88, 2A, 78, 03, 0F, AF, FA, 8B, CE, 81, CB, 69, C3, 50, F4, EB, 06, C7, C3, 05, 8C, 78, EA, 8D, 05, D3, F0, 3E, FD, 8D, 2D, 60, 2B, AA, 07, 81, CF, 95, 9C, 67, 5E, 89, D8, BD, 99, CA, 78, 7B, FF, C2, 68, 86, 82, F4, FF, 1A, DE, 84, E4, 59, 70, 03, 0F, AF, C0, 81, C1, 5C, 84, 0B, 00, 8D, 35, F7, B4, 7B, 8E, EB, 01, F2, 4E, 0F, BF, C3, C7, C0, E7, CB, 21, 94, 86, C6, 0F, AF, F1, 45, 8D, 3D, 78, 59, 0C, 00, 75, 03, C6, C6, E9, 81, EF, 68, 0A, 00, 00, 86, C2, 88, F8, 8D, 1F...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
36.5 KB (37,376 bytes)

The file peditorinst.exe has been seen being distributed by the following URL.

http://photo-editor.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOSshH/AKyha564786MBd5K cBEVp8j1uAFiQPpFfEqN6Z6SgVRnvCQA8gDYdghciM/ObOe44fZ8uyqXk4PlUZyGMuSXq0/IsTNEGn2/D5YCowRX1MS8G6FCsnEiPSRkR/Q532TM7m7jOrVcIbOA DO0EBGzlQoM0u4wAheEcq7FuUxKu3Xp70wSNMg7jupNmF8ms5XTkRQ1Ch mzceF2PIcBPWu3vtoz4Lp4a5uOgmrisykwROySkzbP6ZZz51nlWMxywBbIK8V mjCcE6KNGFLlbjjetkUZJrIabTW8Y7YW4mLLpLSDJWcnU38eKQDN29Rq1O8YHWOpY Anbxa Kw5ytDS707ga8vKSQiGjQC3kXRiKb5zQfDiqUqYOxFruwy7bAD D4EqzVeyt/55S3Qi/.../iwlp7vy4WG N TmA M5rYR704Z1WuGLtBNECaMHieWyCowkFYiidlYhGUU5M7nvTYOzY85h6mM6MpYE4WVia29Mzlmuhy3z7c9WysBtcjTLNtHvHxPx7H5iSBdyeqVHuHYG2uJplAnMn

Scan peditorinst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.