» rescue.exe
Overview
Analysis
File Details
Programs (1)

rescue.exe

WinRescue

Super Win Software, Inc.

This file is installed with the program WinRescue 7.

File name:

rescue.exe

Publisher:

Super Win Software (signed by Super Win Software, Inc.)

Product:

WinRescue

Version:

1.8.36.49

MD5:

edc8a948c8086a8c9edabb6ff957c13f

SHA-1:

8af7b245e723e61a4243cd8e1780b250c4c29f23

SHA-256:

706cb1dc0203806fc916755b08cbb88ed2226bd04210a2a350d4a98b787f78e4

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 5:29:12 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

DLOADER.Trojan

9.0.1.0268

File size:

2.2 MB (2,323,912 bytes)

Product version:

1.08.36.0

Original file name:

rescue.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\winrescue 7\rescue.exe

Digital Signature

Signed by:

Super Win Software, Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

3/10/2010 3:30:00 AM

Valid to:

2/21/2011 3:29:59 AM

Subject:

CN="Super Win Software, Inc.", O="Super Win Software, Inc.", L=Ellsworth, S=Kansas, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

53406C42E5A5C7DF3E356F57A4F0FEA4

File PE Metadata

Compilation timestamp:

6/20/1992 2:52:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:47kMo23PitCm8WmAhumfC90chEtna00dMwjngnkFIJDK0vVzlJZ:KkSPGsF00d7+kqK0Nzt

Entry address:

0x161BA4

Entry point:

55, 8B, EC, B9, 14, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 14, 17, 56, 00, E8, 84, 58, EA, FF, 8B, 1D, B0, 65, 56, 00, 33, C0, 55, 68, 55, 2A, 56, 00, 64, FF, 30, 64, 89, 20, B8, 14, B3, BD, 00, E8, A6, 31, EA, FF, A1, AC, 62, 56, 00, 8B, 00, E8, 9E, E0, F0, FF, A1, AC, 62, 56, 00, 8B, 00, BA, 6C, 2A, 56, 00, E8, 99, DC, F0, FF, A1, AC, 62, 56, 00, 8B, 00, BA, 80, 2A, 56, 00, E8, 88, DC, F0, FF, 8B, CB, A1, AC, 62, 56, 00, 8B, 00, 8B, 15, DC, 21, 52, 00, E8, 80, E0, F0, FF, 8B, 0D, C4, 62... 
[+]

Entropy:

6.5650

Developed / compiled with:

Microsoft Visual C++

Code size:

1.4 MB (1,449,472 bytes)

The file rescue.exe has been discovered within the following program.

WinRescue 7 by Super Win Software, Inc.

Publisher's description - “WinRescue backs up the Registry and important configuration files, packs the Registry, provides fivefold protection from system crashes, backs up any and all files that you desire, and much more.”

www.superwin.com/rescue7.htm

26% remove it

Scan rescue.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.