freeaudioeditor.exe

Laharalore

Huaxinwantong Beijing Technology Ltd

The application freeaudioeditor.exe, “Laharalore Setup” by Huaxinwantong Beijing Technology, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.tourappschuckle.com.

Publisher:
Delafopa   (signed by Huaxinwantong Beijing Technology Ltd)

Product:
Laharalore

Description:
Laharalore Setup

MD5:
e2440a482ef7a8903c86eb4d070e48d7

SHA-1:
e0685dbccc32ccfd3c8a87809b23f26beea7aa7d

SHA-256:
abc59ef3974b39393410d9908531dcce8ed76138c0bace9eab8e87e8952a4328

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
2/26/2025 9:38:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2017.0.2764 |
| ESET NOD32 | Win32/InstallCore.AFF.gen potentially unwanted (variant) | 10.13381 |
| K7 AntiVirus | Unwanted-Program | 13.222.19399 |
| Malwarebytes | | v2016.04.24.11 |
| Qihoo 360 Security | HEUR/QVM06.1.0000.Malware.Gen | 1.0.0.1120 |
| Reason Heuristics | PUP.InstallCore.ENG (M) | 16.4.24.11 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 48868 |

File size:
908.9 KB (930,688 bytes)

Product version:
2.1

Copyright:
Wizard Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\freeaudioeditor.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/24/2016 3:00:00 AM

Valid to:
3/25/2017 2:59:59 AM

Subject:
CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C31292C6449E082B3FBF99E310243E2E

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:7zgPdUf/eMBFedH5/Qouw6sPcepSVOHM0O0YoRBKm:70FWeMbedZIDw6VVy1O0YoRBKm

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file freeaudioeditor.exe has been seen being distributed by the following URL.
