{blocked}.exe

Hus

SpeedySetup (Alpha Criteria Ltd.)

The application {blocked}.exe, “Hus Setup ” by SpeedySetup (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalheartlaboratory.com and multiple other hosts.
Publisher:
Dulorofehe   (signed by SpeedySetup (Alpha Criteria Ltd.))

Product:
Hus

Description:
Hus Setup

MD5:
20ba9b8354e8b099ff7ad5423f99e5e2

SHA-1:
afcb96005d4e55b1f3004471c2df7b0890a2c007

SHA-256:
66a365c17e82deec865ab89f0c72db4911cf2a60696d3467febb2c0604de372a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/24/2024 7:50:58 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.10.18

File size:
1 MB (1,050,576 bytes)

Product version:
5.3.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\bass guitar licks and riffsinstaller.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 5:43:41 PM

Valid to:
8/20/2016 5:07:00 PM

Subject:
CN=SpeedySetup (Alpha Criteria Ltd.), O=SpeedySetup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B7B9B1E7ABF6047433BDBCDE9234400

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:oUQrFgJ1EbCBVp7cLb7uveOJqLwl7OD/J//sk8VlXxPsmgl7uq:oLBNb2VFcLb7uvReBt//s1xRgT

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9074

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file {blocked}.exe has been seen being distributed by the following 2 URLs.

http://www.capitalheartlaboratory.com/9fJzKSbJHwBE5eR5QkUP47HWLd1WCNTGXtbv8pttl1Q2k70hUGACZhKY0QpVF6kI3Jo1IVazeSU4ST2ggoG7zvGYpikrEXUJ7GI tngZg7iRVk3YfX3Ed4QGYYOaUbKPoj7O8qZi09OEen7AqHVvo4k8l5lOaw1fFRC73qZdst7rh2dTyDHkDXx8FuUJzPYlf4etr7Xi0FPnioeADq UJyY5Pat7EE7I 9HOFXFCEv5aW3cM7h9zNIkDslAl0m8NfhP3iwM0oOm2PgO3_AuHwtuIShuLoM_ ZiQ2DjXQOj9lfWdLMuYd8oNUwuYHwjOuenHzaXD eZOhpH8vKu8opB1R6o8b9xRVRqWnPJrmJl97T8l3wdFKxz2jKF NtMjauZy2NB97oy4W794hTfjD0gW4DKCbPMLSiMswOC7_wRvwDK61Abh7J0v 413Hzlt4FrLzit y-CxWAaHR0cDovL3d3dy5nZXQtaXQtYWxsLm5ldC9kZW1vL2Jhc3NsaWNrLnppcAM=-e

Remove {blocked}.exe - Powered by Reason Core Security