» replacefiles64.exe
Overview
Analysis
File Details
Programs (1)

replacefiles64.exe

Security Stronghold LLC

The application replacefiles64.exe by Security Stronghold has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Printer Spooler Fix Wizard by Security Stronghold.

File name:

replacefiles64.exe

Publisher:

Security Stronghold LLC (signed and verified)

MD5:

7a51aa3ce07c7fcecfde4790d7bda2d4

SHA-1:

f2a6133ed0045e460c3e664ad6d4a42d92d3524e

SHA-256:

c5b12c858a30ab531e5c92db261448a44cac4dd78de4a4b1ea6509392e585a4b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 6:25:42 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win64.Generic.SecurityStronghold.Meta

15.5.29.21

File size:

2.6 MB (2,680,784 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\printer spooler fix wizard\replacefiles64.exe

Digital Signature

Signed by:

Security Stronghold LLC

Authority:

GlobalSign nv-sa

Valid from:

8/16/2012 10:41:30 AM

Valid to:

11/10/2013 11:49:56 AM

Subject:

E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan region, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A8E6D4E8876A9E02DB5215F60B91C5F5

File PE Metadata

Compilation timestamp:

7/2/2013 1:03:49 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

24576:909B1FT7uVQaIvufnXpsqKDHENrPNjhdb7kIbvz8b+D7IY:eB1Z98XKDwphdb7kIbvz8b+l

Entry address:

0x8B8A0

Entry point:

55, 48, 81, EC, C0, 01, 00, 00, 48, 8B, EC, 48, C7, 45, 28, 00, 00, 00, 00, 48, C7, 45, 38, 00, 00, 00, 00, 48, C7, 45, 30, 00, 00, 00, 00, 48, C7, 45, 48, 00, 00, 00, 00, 48, C7, 45, 40, 00, 00, 00, 00, 48, C7, 45, 58, 00, 00, 00, 00, 48, C7, 45, 50, 00, 00, 00, 00, 48, C7, 45, 68, 00, 00, 00, 00, 48, C7, 45, 60, 00, 00, 00, 00, 48, C7, 45, 78, 00, 00, 00, 00, 48, C7, 45, 70, 00, 00, 00, 00, 48, C7, 85, 88, 00, 00, 00, 00, 00, 00, 00, 48, C7, 85, 80, 00, 00, 00, 00, 00, 00, 00, 48, C7, 85, 98, 00, 00, 00... 
[+]

Code size:

558 KB (571,392 bytes)

The file replacefiles64.exe has been discovered within the following program.

Printer Spooler Fix Wizard by Security Stronghold

During installation, the Security Stronghold Removal Tool utility will provide various bundled applications including RegClean Pro registry cleaner. It will then download utilities from its server and scan the user's PC.

www.SecurityStronghold.com

59% remove it

Remove replacefiles64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.