home

undeleteplus.exe

eSupport UndeletePlus

eSupport.com, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from www.undelete-plus.com.
Publisher:
Copyright © 2008-2012 eSupport.com ? All Rights Reserved(  (signed by eSupport.com, Inc.)

Product:
eSupport UndeletePlus

Version:
3.0.6.303

MD5:
c185ca28aee84f2ddadd2ae6f16146b1

SHA-1:
1a126031a300158e170e926a6690c24f188caed4

SHA-256:
3c9fb0ebcf4862581a12d946acf645c773dd09dbc42d85a7a936b15fd529c426

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 5:47:37 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Worm.Rebhip!1.64F0
23.00.65.15327

File size:
2.2 MB (2,325,600 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\esupport.com\esupport undeleteplus\undeleteplus.exe

Digital Signature
Signed by:
eSupport.com, Inc.

Authority:
GlobalSign nv-sa

Valid from:
9/24/2014 3:36:26 PM

Valid to:
9/25/2015 3:36:26 PM

Subject:
CN="eSupport.com, Inc.", O="eSupport.com, Inc.", L=North Andover, S=MA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216E054FAD930D88CABC078EB0D3BCC8AC

File PE Metadata
Compilation timestamp:
3/3/2015 11:40:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hZ4NzT7W2tf79GSyMD7KaOgbTXk7l5nVX4kZRXw9ps4GnsAmmrhtN7Fb8L:eloSyoKPe+BVIutwY439mrN7B8

Entry address:
0x5B4B40

Entry point:
60, BE, 00, 20, 79, 00, 8D, BE, 00, F0, C6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8773

Packer / compiler:
UPX 2.90LZMA

Code size:
2.1 MB (2,244,608 bytes)

The file undeleteplus.exe has been seen being distributed by the following URL.

http://www.undelete-plus.com/.../undelete_plus.exe

Scan undeleteplus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.