» rcsetup147.exe
Overview
Analysis
File Details
Programs (2)
Downloads (105)

rcsetup147.exe

Recuva

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with multiple programs including Recuva. The file has been seen being downloaded from filehippo.com and multiple other hosts.

File name:

rcsetup147.exe

Publisher:

Piriform Ltd (signed and verified)

Product:

Recuva

Description:

Recuva Installer

Version:

1.0.0.0

MD5:

b3091997055102ba258b0a47820ef4f0

SHA-1:

84460101ad0296c3200e585ecf1650fef05de682

SHA-256:

1aaaa8020d561b089bf9f542e3df84637b3ce3b7f84c7d98976f5ce2676745ba

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 6:19:56 AM UTC (today)

File size:

3.6 MB (3,723,592 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\rcsetup147.exe

Digital Signature

Signed by:

Piriform Ltd

Authority:

VeriSign, Inc.

Valid from:

7/5/2011 7:00:00 PM

Valid to:

8/22/2013 6:59:59 PM

Subject:

CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

741D340793306ACA84FAB3ABBB1567CE

File PE Metadata

Compilation timestamp:

2/24/2012 1:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:W4YfhnkNUa2bNNTyY116dK9x1AN1UNi/FyQ:W4YfeUaENTyJRHUNiNB

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Entropy:

7.9949

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file rcsetup147.exe has been discovered within the following programs.

QuickTime 7 by Apple Inc.

Publisher's description - “QuickTime Player 7 supports older media formats, such as QTVR, interactive QuickTime movies, and MIDI files on Snow Leopard and OS X Lion. It also accepts QuickTime 7 Pro registration codes, which turn on QuickTime Pro functions.”

www.apple.com

10% remove it

Recuva by Piriform

Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.

www.piriform.com/recuva

8% remove it

The file rcsetup147.exe has been seen being distributed by the following 50 URLs.

http://filehippo.com/es/download/file/.../

http://www.filehippo.com/download/file/.../

http://gsf-cf.softonic.com//844/601/.../file?id_file=58808&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=yes&SD_used=0&Expires=1376337329&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Aq1OKWInwhsPWFe7A7HSviCsldmiTaqXl0xeB5je4j6czwZ8FwaauDoc84fRuHBz~fxUQL3ZnSrx-UZRgCrCUgwVXx0Br4T3g2pA47qrlUcGVY9a0AfudElg6XX54r~0TBWHS0QORbtBxJrvlnpP3zj6SB2wwKNak0UJNFdVyB8_&filename=rcsetup147.exe

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/es/download/file/.../

http://filehippo.com/es/download/file/.../

temp:rcsetup147.exe

http://dw.uptodown.com/dwn/_rqtlGAbz-tQaep1lNQGGPeIVWObGmj6OMUNIp1XBMGkz1OalGkbcfBgqq5kjZQ8Q4cu3WITnMuEh3Qii5Qxy8ZAOZZrYmgCDojtUvuU1x0bioaBn_r17_w4yTDWSrny/m4q5P2A86fWfRYohmIDEh0cToXzQyjOjKhfdobuBYySOy6ulff_s8zR0GMpax3-mLkFGfOkEUvYpNPK4_p39UnzU4kDBdoBnM6OVByXtF4mrSVD9rPnavz6xLtpqwVdm/yZaKWxXvtVCu0fdbsk9dDGnd0hJaF6HJ7HZd8B1BtzfZRuCSl6s1XP_N-qLiMgr5Trg8Bo2LyNlWWUoV3HD5bPJQy9r6qADfb7TCnn9RV7Uiwi_ml1GF2WrXdF81QjKl/.../

http://www.filehippo.com/download/file/.../

http://i.download.idg.pl/fannef/913f5f6fe00a775467fd9b30d638fae6/5708297a//vol2/w95/recover/.../rcsetup147.exe

http://www.downloaddoo.com/Download.aspx?ProgramId=4501&Seq=1

http://global-shared-files-l3.softonic.com/844/601/.../file?nvb=20130728181201&nva=20130729061301&token=0033e5512853d237bedf7&id_file=58808&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=yes&SD_used=0&filename=rcsetup147.exe

http://download.bleepingcomputer.com/dl/3629b296f94320f3882b2042672b967e/5312508d/windows/utilities/file-recovery/r/.../rcsetup147.exe

http://www.filehippo.com/download/file/.../

http://www.filehippo.com/es/download/file/.../

http://fs40.filehippo.com/3433/.../rcsetup147.exe

http://fs11.filehippo.com/1064/.../rcsetup147.exe

http://fs41.filehippo.com/2309/.../rcsetup147.exe

http://www.filehippo.com/it/download/file/.../

http://download.bleepingcomputer.com/dl/9ece72da89a72e9964edefa67429683d/53e681a7/windows/utilities/file-recovery/r/.../rcsetup147.exe

http://download.bleepingcomputer.com/dl/a7d32d291045293f262caca8175fb062/545d8c65/windows/utilities/file-recovery/r/.../rcsetup147.exe

http://fs40.filehippo.com/6912/.../rcsetup147.exe

http://www.filehippo.com/download/file/.../

http://ftp-stahuj.centrum.cz/dl/f2f783c30be80ef90f111126e34145d5/51ffb615/stahuj/download/software/secured/r/recuva/.../rcsetup147.exe

http://download.bleepingcomputer.com/dl/584ac4fb5f778507018b2f154df0c8ce/53fa5b9c/windows/utilities/file-recovery/r/.../rcsetup147.exe

http://fs41.filehippo.com/5005/.../rcsetup147.exe

http://www.filehippo.com/download/file/.../

Latest 30 of 105 download URLs

Scan rcsetup147.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.