processhacker-2.30-setup.exe

Process Hacker

wj32

The program is a setup application that uses the Inno Setup installer.

Publisher:
wj32

Product:
Process Hacker

Description:
Process Hacker Setup

Version:
2.30 (r5267)

MD5:
2eb567691b690c8d89fae17cf86e0f48

SHA-1:
6d175ed607b2964711b943716bb92db03e3b727e

SHA-256:
8d4ec79c1377e03399a15b629db8124eeb11f7a696ef8677c10d909c6ea64017

Scanner detections:
3 / 68

Status:
Clean (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/24/2017 11:42:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.PHack | t3scan.2.2.29 |
| Kaspersky | not-a-virus:RiskTool.Win32.PHack | 14.0.0.4517 |
| Quick Heal | RiskTool.PHack.g8 (Not a Virus) | 4.14.14.00 |

File size:
1.7 MB (1,834,205 bytes)

Product version:
2.30 (r5267)

Copyright:
Copyright © 2010-2012, Process Hacker Team. Licensed under the GNU GPL, v3.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\processhacker-2.30-setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:tqPj4YfuKjJYJbaPdhYy3x1jw4qhgKICbUKpl:QVjJYcPDYO1oi/CbNl

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9815

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file processhacker-2.30-setup.exe has been seen being distributed by the following 46 URLs.

