home

winundelete_direct.exe

WinUndelete

WinRecovery Software

This is a setup program which is used to install the application. This is installed with WinUndelete. The file has been seen being downloaded from www.winundelete.com.
Publisher:
WinRecovery Software  (signed and verified)

Product:
WinUndelete

Version:
3.2.0.0

MD5:
9e809cec313ac7e7c9c649fba607d620

SHA-1:
f326771336ebb06e2d8078e347ad596bc8be61fb

SHA-256:
2778b96386575fbb1eb0d500ea504ff1e34aa203ea55f19083e6f9a46e673e1a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:32:03 PM UTC  (today)

File size:
671 KB (687,104 bytes)

Product version:
3.2.0.0

Copyright:
(C)WinRecovery Software

Trademarks:
WinUndelete

Original file name:
winundelete.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winundelete_direct.exe

Digital Signature
Signed by:
WinRecovery Software

Authority:
The USERTRUST Network

Valid from:
2/9/2006 11:00:00 AM

Valid to:
2/10/2008 10:59:59 AM

Subject:
CN=WinRecovery Software, O=WinRecovery Software, STREET=Yudao St. 29, L=Nanjing, S=JS, PostalCode=210016, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
7A0F35A5D301113B4C50984A67E2F638

File PE Metadata
Compilation timestamp:
12/18/2007 2:17:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WvnB86zMnaDpM2CGg8bTZUiaaV+CnKI16j55W4ruOrACeaPgRmlb3C6c6b7MP+DZ:WPSmDpM22KFUiaGrnKN95WPkPgRmlbxC

Entry address:
0x1000

Entry point:
68, 01, 40, 5E, 00, E8, 01, 00, 00, 00, C3, C3, 31, 79, 34, 98, 45, 1D, 3E, A4, FC, 4D, 26, 2D, D8, 4E, 7E, 9A, E5, 82, 74, E8, E9, 71, C1, 9D, F5, 7F, F7, 8F, D2, AC, 9E, E1, A8, 91, C8, A9, 0A, CC, 9E, 2F, C1, 96, DC, 04, 88, AA, F3, 9B, 52, 07, 09, C4, 5A, 9A, D9, 84, E1, 32, C6, 42, F9, 92, 4C, 2C, 82, 5B, 5F, 37, D8, 48, 4E, D9, 5D, 5A, 12, 6D, 1F, 8D, CD, 5C, D5, F5, 17, FC, 4E, BB, 07, 47, 82, 98, 67, AB, 86, F7, 09, 4D, B7, E0, 84, EF, FB, FF, B5, F2, 6E, 36, EF, 18, 86, CE, D1, 47, E7, 48, F1, FD...
 
[+]

Entropy:
7.9668

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.3 MB (1,318,912 bytes)

The file winundelete_direct.exe has been discovered within the following program.

WinUndelete  by WinRecovery Software
Publisher's description - “WinUndelete™ is the leading undelete software for deleted files recovery. It can recover deleted files from hard drive, flash drive, USB external drive, digital camera card, and more.”
www.winundelete.com
40% remove it
 
Powered by Should I Remove It?

The file winundelete_direct.exe has been seen being distributed by the following URL.

http://www.winundelete.com/.../WinUndelete_Direct.exe

Scan winundelete_direct.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.