home

freeshortcutremover.exe

Web Software

Beijing Qingchuanglianxiang Technology Co Ltd

The application freeshortcutremover.exe, “Web Software Setup ” by Beijing Qingchuanglianxiang Technology Co has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.heartcontentcentral.com and multiple other hosts.
Publisher:
Prog Lite Installer   (signed by Beijing Qingchuanglianxiang Technology Co Ltd)

Product:
Web Software

Description:
Web Software Setup

MD5:
8d5209f60c60e98f2b35dd1adf0e6bc7

SHA-1:
531d4e18b0b24c2f432ff8f2eb72d7249b992a18

SHA-256:
c70b449d08fac5604de9a871bc18c9e3873f0fb1ce769a1f087b925a0949bda4

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 6:34:19 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/InstallCore.ADX.gen potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.InstallCore.Bundler (M)
16.1.27.21

File size:
904 KB (925,696 bytes)

Product version:
5.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\freeshortcutremover.exe

Digital Signature
Signed by:
Beijing Qingchuanglianxiang Technology Co Ltd

Authority:
COMODO CA Limited

Valid from:
9/11/2015 8:00:00 AM

Valid to:
9/11/2016 7:59:59 AM

Subject:
CN=Beijing Qingchuanglianxiang Technology Co Ltd, O=Beijing Qingchuanglianxiang Technology Co Ltd, STREET="1901,Moma Building, No.199 Chaoyangbei Road,", L=Chaoyang, S=BeiJing, PostalCode=100027, C=CN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E5F50EB929935434546FDDE8F49FCB1E

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:EtjvaxVYPchE3nUeRAJv5H7puxtqvVQXldh8:ElMVtAUeaJvxkbs8ldh

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9366

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freeshortcutremover.exe has been seen being distributed by the following 2 URLs.

http://www.heartcontentcentral.com/c?x=AOxgg1TbzCezvtaghwI6ochN6lchjCs5wDAjjBWJN 4=&c=OuNs0F3 1fof5VUpVTC oDhT0rk02dsCFQeR9NV77OBdcOMt4sZ7NlrHXhEUbEEK5g xD7S9LdWny8F4U135yBgFACVCdBwBsswmILqAVXavwQkFQOubeODjxULwCNaz&downloadAs=FreeShortcutRemover.exe&fallback_url=http://www.downloadonic.com/shortcutremover.com/.../FreeShortcutRemover_IS.exe

http://www.vaultconecptclean.com/c?x=YvRAJv022KvZoEmkbl3/uBCmrtALTjMIc13oUlSDTGM=&c=D8TC/ysDqKBGHF0T3rxMYQpySrNFYaDlDAqwqPIOI171LRb7MydotKn1B2TJVrtnrkn3YakD3CI9JsE237hWc6mio9lk6QF/HcMQ23FsT8Tkq1qFOmdSUmCmZy9NKnS5&downloadAs=FreeShortcutRemover.exe&fallback_url=http://www.downloadonic.com/shortcutremover.com/.../FreeShortcutRemover_IS.exe

Remove freeshortcutremover.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.