freemake.exe

Generic

Orbita LLC

The application freemake.exe, “Generic Setup ” by Orbita has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.mp3jam.org.
Publisher:
Orbita LLC  (signed and verified)

Product:
Generic

Description:
Generic Setup

MD5:
89fcbdee2e3ba398217c51326a2554b7

SHA-1:
e960bf408c24f8eea1b939e2fd9eee743ed9ae1a

SHA-256:
e114ef8583645f445fc9ab85cd834fbfa08c9d4d1e4cf7d436aafc0bb4e8538c

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 11:20:26 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.206.252

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1526

ESET NOD32
Win32/InstallCore.TL potentially unwanted (variant)
9.11123

File size:
768.9 KB (787,360 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\freemake.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/24/2014 5:37:39 AM

Valid to:
12/13/2016 7:32:44 AM

Subject:
E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod Oblast, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA83881898F63A64C1A31C3A8CC5C2F5

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5uFJ1ag5K5nAYOLcdJFjAzhmyWnAakIQpe:58J5Ie8JFE1lQAxpe

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8620

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freemake.exe has been seen being distributed by the following URL.

Remove freemake.exe - Powered by Reason Core Security