» recuva.exe
Overview
Analysis
File Details
Downloads (21)

recuva.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bitstagcontent.com and multiple other hosts.

File name:

recuva.exe

MD5:

63e100093ac8ce0a3a5999839f53098f

SHA-1:

9c07bafacfbd40661c4fe0eb3bd7a46ecfd02dbc

SHA-256:

e094d3cbc87e658d2c95b025ed1758bd9dbdcaa7c960c2fd2f8f06eaaff72edd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:48:14 AM UTC (today)

File size:

3.8 MB (4,000,946 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\downloads\3676090eded622c6bec547ed78bdf6d1\2b24d495052a8ce66358eb576b8912c8\recuva.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

98304:inc9axwigonW4bmfhRi3Lw73t9GW4A3FGiiydxU66cv+qNS:inLIohgYw7/N4AAKucrNS

Entry point:

50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 6E, 8E, 7B, 46, 63, 39, 3D, 10, 3A, 1E, 00, 00, 00, 74, 00, 00, 12, 00, 00, 00, 6C, 61, 6E, 67, 2F, 6C, 61, 6E, 67, 2D, 31, 30, 32, 35, 2E, 64, 6C, 6C, ED, 5D, 4D, 6C, 5C, C9, 71, 6E, ED, 4A, 23, 89, 22, 29, 51, 3F, AB, 7F, 91, 14, 45, CE, 70, C4, BF, E1, 3F, 69, C3, 5E, 92, 43, 72, 44, EF, 8F, B0, 6B, 7B, 37, 71, 60, 58, 3F, D4, 4F, 96, 22, 65, 92, DA, 95, 8C, 38, 10, 90, 43, D6, 40, 02, EC, 21, 09, F6, 64, 24, B7, 3D, 1A, 49, 0E, 9B, 1C, 82, 20, 01, 82, BD, 18, 70... 
[+]

Entropy:

7.9950 (probably packed)

The file recuva.exe has been seen being distributed by the following 21 URLs.

http://www.bitstagcontent.com/ORvciXPpX5hjaUagM3F2Zst7OJdG1KiBc_rBeEieYicVezORMXa0ya03gtNQFTYt jp oi_KUgcphdM eSHiHU0VP7MPBz46A3kzh_O j6w8sr4ePSYSP2ejgSWOzrfjt2tjeb3ZfpjFpliJ4ogBZNk OhmObKsrKnIzz9z9Pg9l8QaLPbMcMAFwrvF8YHV5PfMZeCGi-GzQAAETnFhPANwK0ZHDvTtTZhRgyiUT6wjYQN1aUoEbitqE8bc_muWs8RCg_AQ==

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1465223813-1465231313-97cf84-B-5603ab7f5ff1eacd5b74aad9aeb8a7bc

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1472495212-1472502712-a7eb7d-B-8eb27c904ff2240a043b96175a4df221

http://www.bitstagcontent.com/o_4jCn8YPlLxfvkYcooNiLC4TRfvbD_iix M8y6NL2JP6yuppSfC8SotXnMQyZ0QlgwFY1ioAUCe5Vt61jSnkZrzl3E w1pWQMcnpbWEiq_zhl0sxdBjyIuAqGyVDfBTXg_jGMc7Dg00Em1 aMkp n_ABM7qOobmC1J7UwoVCoEsWWlhnhf frcgnkMnQnFEhLfiw3nj-GzQAAETnFhPANwK0ZHDvTtTZhRgyiUT6wjYQN1aUoEbitqE8bc_muWs8RCg_AQ==

https://www.piriform.com/recuva/download/.../downloadfile

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1467359836-1467367336-9e3dd7-B-ad0f8fecf940b03f1dce56d4e29fa34f

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1471366733-1471374233-5dd44c-B-1899ddb5a8d0335855f1d4c5506f5ecb

http://soft.telecharger.com/.../rcsetup152.zip

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1464612574-1464620074-237642-B-fdd0f4ccc395f8c9542d4e8445dbe84c

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1469958537-1469966037-524b87-B-0416eef36c982b4cdacded3862e4c3a8

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1448718879-1448726379-4654dc-B-e9842c1b97f359528acb4a1dd801404a

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1460444139-1460451639-8da5a5-B-c1bb657a034c1d3bdbbc2243c3de497b

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1462455457-1462462957-31c213-B-031e05720c25c39e07e8445ef90ff20d

http://ec.ccm2.net/www.commentcamarche.net/download/.../rcsetup152-1.52.1086.zip

http://www.bitstagcontent.com/WPNX3JzV1dzCzW igelNLroOdrtDX4sPcjc7pXTCENk40ET00jLubyQ gYMnTrQ5P5jEJifLfR8CdyILarapJ0mf8UTXsBKxquiL zTVADO1sh1ZP9OGiBBv9r7cGmGKifOoW4CEJsAxB_z1AkrFtMPPffUZ0jmMVPYcvTKTqFprlT4Fo7JGr0sPkke L B6Qy8fc9bQX03whc0FtlBlHpnK6Saamnmr_6t4eBA7TEB0zkQ7gnU00UhB2rGAZWFKpwBJlOdoyR1npveIaEjQQkEP_Y8MaPmlNZ1noJpXXBLaRjDyB79jDUdhGjYJ_9Wm8L5llVumb25nGg45sEAErUhpYkc3YrMc84H3r5Ck10SuhapF1LZWSBmDy90kbqkSUB49wbRXIlTrSo_UkMS8jO0fJS5n9r2U8mlJ miE5h9syNFQj6vuzUNvN0GYXHa1SiEVNo4JIXCKW5UrFecBOf8eFqLZ5CZ znZwPuhz6ieVDQuzd1SWYv o6jfyfD1NpLFUlGMLKkmhhzGpRFHVy2sgFsprlvuMTwnhG7nUFzNGUL928cao2dZjFEDe_r6hCZHeVbQKRzT6CczWzDEfrLossR1Fc8P9Di7mzVg8qkCw5hj5zxLc93kf5uOOE3i_1lS5jTgae36v9qvLlVq Rxa0kmWFKn666w8vWTkABGTBy7J6YC6nAKjKxm6hFQkfHceqOU oB8rERzaZZTsHCaRnV6d8vfFci0oVSx06hC49FY1W4jKtZv8UJ5d6TOe61bXOZmVL1vC6UJ0fIPnW7E7nj8PdY_svJ9MAadv8F1asIROADC8=-GzQAAETnFhPANwK0ZHDvTtTZhRgyiUT6wjYQN1aUoEbitqE8bc_muWs8RCg_AQ==-e

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1465327495-1465334995-5fc314-B-9b9f958bf8963a8be7cb13b55be13c3b

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1458222804-1458230304-a8a752-B-4f415d2049ff6969fddc25eb5724f275

http://dl.cdn.chip.de/downloads/.../rcsetup1.5.2_slim.zip?cid=54418612&platform=chip&1462319657-1462327157-7da936-B-629c5345a16d631530bcdafe25e11fc5

https://tmpfile2378.s3.amazonaws.com/download77/ic_trackings/1293151/.../recuva.exe

http://download.bleepingcomputer.com/dl/a800978b8b5c099adc311b9795a68833/56dbe192/windows/utilities/file-recovery/r/.../rcsetup152.zip

http://www.piriform.com/recuva/download/.../downloadfile

Scan recuva.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.