home

Screenpresso.exe

Screenpresso

Learnpulse

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’. This is installed with Screenpresso. The file has been seen being downloaded from screenpresso.com.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.6.0.0

MD5:
f3cc90522d4673d18ad3269b00d56706

SHA-1:
ea44ae428b1bd91e45d1ba59a7fcf2761b81ac92

SHA-256:
346451c004cd15cfe0b7074ff16674269286f7e8e823f926fa801346c93ad499

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 2:01:42 PM UTC  (today)

File size:
11.7 MB (12,309,520 bytes)

Product version:
1.6.0.0

Copyright:
Copyright © Learnpulse 2015

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
2/23/2014 12:00:00 AM

Valid to:
5/7/2016 12:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48A4512F54830AEE8CD60DC465C14A14

File PE Metadata
Compilation timestamp:
10/8/2015 10:47:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:jpaYnXbhKWBk6Z2Jswb8cRbAeYgzFi0FjUkQhq:nlxak2zbFRbAeJuy

Entry address:
0xB98D46

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AF, 3B, 16, 56, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, 88, 8D, B9, 00, 88, 6F, B9, 00, 52, 53, 44, 53, DB, 5D, 22, 37, 56, F5, F4, 4A, B3, A7, B0, 69, 74, 07, BC, 4B, 01, 00, 00, 00, 63, 3A, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 73, 72, 63, 5C, 6F...
 
[+]

Entropy:
7.0595

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.6 MB (12,152,832 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file Screenpresso.exe has been discovered within the following program.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following URL.

http://screenpresso.com/.../Screenpresso.exe

Scan Screenpresso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.