» PhotoProductCore.exe
Overview
Analysis
File Details

PhotoProductCore.exe

Visan Industries

The executable PhotoProductCore.exe has been detected as malware by 9 anti-virus scanners.

File name:

Publisher:

Visan / RocketLife (signed by Visan Industries)

Product:

PhotoProductCore.exe

Version:

1, 0, 0, 7702

MD5:

d427d8a3f1e494ed56a49b06b97f93bc

SHA-1:

ab17f9ff18943b834d66b0d2a9d1af40abc25b4b

SHA-256:

d9ba42385db1522e1d4b163a5ef9ab5422c1ba38c1c388b09e4b30fa234d1bc7

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

4/25/2024 11:37:23 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160214-1

AVG

Win32/Parite

2015.0.4522

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

10.0.0.5366

ESET NOD32

Win32/Parite.B virus

7.0.302.0

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.15.21

Microsoft Security Essentials

Threat.Undefined

1.213.6208.0

Norman

Win32.Parite.B

03.02.2016 10:30:35

File size:

473.5 KB (484,830 bytes)

Product version:

1, 0, 0, 7702

Original file name:

PhotoProductCore.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Application data\hp photo creations\photoproductcore.exe

Digital Signature

Signed by:

Visan Industries

Authority:

Thawte, Inc.

Valid from:

9/12/2011 5:00:00 AM

Valid to:

9/15/2012 4:59:59 AM

Subject:

CN=Visan Industries, OU=SECURE APPLICATION DEVELOPMENT, O=Visan Industries, L=Folsom, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

64EE6B5240E61AA8AF7428864A13310F

File PE Metadata

Compilation timestamp:

3/2/2012 4:39:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.0

CTPH (ssdeep):

12288:Cj0g5RfzUJ/CaeAL63CQmQTxRnLcxSVNbKo2aZ:C4gPwkAL+DTxRnLcSkZg

Entry address:

0x5F000

Entry point:

90, 90, B9, E3, 6F, 3E, 00, 90, 90, BE, 24, F0, 45, 00, BF, 98, 05, 00, 00, 90, 90, FF, 34, 3E, 31, 0C, 24, 8F, 04, 3E, 90, 90, 4F, 83, EF, 03, 90, 90, 75, ED, 0B, 12, 3F, 00, E3, 6F, 3E, 00, E3, 6F, 7E, 00, 10, 4A, 3C, 00, 4B, C7, 3A, 00, 3D, DA, 3A, 00, E3, DF, 3C, 00, E2, 6F, 3E, 00, 7B, 8F, 7C, 00, B7, D7, 7D, 00, 87, D7, 7D, 00, 63, DE, 3D, 00, B1, D7, 3D, 00, 81, D7, 3D, 00, 7B, 8F, 3C, 00, B1, D7, 3D, 00, 81, D7, 3D, 00, E3, 6F, 3E, 00, E3, 6F, 3E, 00, E3, 6F, 3E, 00, E3, 6F, 3E, 00, A3, 8E, 7C, 00... 
[+]

Entropy:

7.0869

Code size:

180 KB (184,320 bytes)

Remove PhotoProductCore.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.