safepcrepairsetup.safepcrepair_89.jphpofgeenkgcigagafdidnlikboeocb.ch.exe

SafePCRepair

Mindspark Interactive Network

The application safepcrepairsetup.safepcrepair_89.jphpofgeenkgcigagafdidnlikboeocb.ch.exe (“SafePCRepair Setup”) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Setup Factory installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ak.dl.safepcrepair.com.
Publisher:
Mindspark Interactive Network

Product:
SafePCRepair

Description:
SafePCRepair Setup

Version:
1.1.0.22

MD5:
712346001bb9f4e89ae7936252a9f8ba

SHA-1:
a2620f157f786839d38531147951a69c2437b478

SHA-256:
67b80084b6a316d40dd4f426fd2e60e100bae501558da61492037c423802ed0f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 3:03:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.2.3.19

File size:
5.4 MB (5,624,624 bytes)

Product version:
1.1.0.22

Copyright:
© 2014 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Trademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\safepcrepairsetup.safepcrepair_89.jphpofgeenkgcigagafdidnlikboeocb.ch.exe

File PE Metadata
Compilation timestamp:
8/27/2013 8:10:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:9ghIm0gDHMxJ9d6uxcn4x8x1UGomgkUinzEdjQ1DPcJ5G0pzUb5Ea8Wx1xozOk:9sImhCL6uGCgev1ktnbdPc3fp25Ea8S2

Entry address:
0x29E1

Entry point:
60, 8D, 05, 5E, 11, FD, 05, F6, C3, AB, 8B, C8, 8A, E6, 8D, 35, 5D, 37, FC, 98, 8D, 3D, 36, F6, A1, 35, 70, 03, 0F, BF, FF, 41, 38, D0, 88, C4, 12, EF, C6, C2, F1, 81, EB, 6B, 52, 00, 00, 80, CA, 9D, 8D, 2D, F3, 31, 85, 16, 81, EB, 79, 05, 00, 00, 88, DB, 2D, 9B, 10, E0, 1D, 68, 0D, 0A, E5, 00, 0F, BF, C5, 0B, ED, 73, 02, 85, C5, BD, CF, D8, A0, 4D, 69, D7, 0A, 15, 4F, C9, E8, 2C, 00, 00, 00, C6, C5, DA, 8D, 15, 42, DB, 60, 08, 19, E8, 8B, D0, 13, F2, 69, F8, 55, A0, 90, 89, 22, D7, 48, 81, F3, 96, C7, 00...

Code size:
22 KB (22,528 bytes)

The file safepcrepairsetup.safepcrepair_89.jphpofgeenkgcigagafdidnlikboeocb.ch.exe has been seen being distributed by the following URL.