» 1269_ve_plp_krzysztof_premium.exe
Overview
Analysis
File Details
Downloads (1)

1269_ve_plp_krzysztof_premium.exe

Speech2Go Voice Package VE

Harpo Sp. z o.o.

The application 1269_ve_plp_krzysztof_premium.exe, “Speech2Go Voice Package VE Setup ” by Harpo Sp. z o.o has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dnld.harposoftware.com.

File name:

Publisher:

Harpo (signed by Harpo Sp. z o.o.)

Product:

Speech2Go Voice Package VE

Description:

Speech2Go Voice Package VE Setup

MD5:

9abd3c4233ca7f06cf9f6fb52d3e1aa2

SHA-1:

bb21682f91f2fc4645f9e2a9ef4ebc25f4bbaadc

SHA-256:

7508a680de442258394266eb06e8093b267d4d300c547a02da0ed95e95f56fb3

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

12/26/2024 2:13:09 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.CSH (L)

17.1.30.19

File size:

129.6 MB (135,934,864 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\1269_ve_plp_krzysztof_premium.exe

Digital Signature

Signed by:

Harpo Sp. z o.o.

Authority:

DigiCert Inc

Valid from:

7/8/2015 2:00:00 AM

Valid to:

7/12/2018 2:00:00 PM

Subject:

CN=Harpo Sp. z o.o., O=Harpo Sp. z o.o., L=Poznań, C=PL

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0435331B1F32EA4E44E107ED0FA00265

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file 1269_ve_plp_krzysztof_premium.exe has been seen being distributed by the following URL.

http://dnld.harposoftware.com/.../1269_ve_plp_krzysztof_premium.exe

Remove 1269_ve_plp_krzysztof_premium.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.