freesoundrecorder.exe

TechEvolve GMBH

The application freesoundrecorder.exe by TechEvolve GMBH has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from freesoundrecorder.net and multiple other hosts.
Publisher:
TechEvolve GMBH  (signed and verified)

MD5:
29ffa912a6bcb8a57e9db93c162ee040

SHA-1:
59c73009d759c5cc1f71718f04b1a17748e1e6eb

SHA-256:
48830f747913150e46aa90140f3743b2a06949310d57a40668031455fd086a72

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 11:27:23 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15624
Dr.Web | Trojan.InstallCore.11 | 9.0.1.0175
ESET NOD32 | Win32/InstallCore.RX (variant) | 9.10823
Fortinet FortiGate | Riskware/InstallCore | 6/24/2015
K7 AntiVirus | Unwanted-Program | 13.186.14225
Malwarebytes | PUP.Optional.Amonetize | v2015.06.24.11
McAfee | Artemis!29FFA912A6BC | 5600.6724
Norman | InstallCore.CERT | 11.20150624
Reason Heuristics | Win32.Generic.TechEvolveGMBH.Installer.Meta | 15.6.24.23
Trend Micro House Call | Suspicious_GEN.F47V1201 | 7.2.175
VIPRE Antivirus | InstallCore | 35400

File size:
699.3 KB (716,064 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freesoundrecorder.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/16/2012 12:00:00 AM

Valid to:
12/16/2015 11:59:59 PM

Subject:
CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50FF3D5C361AE9F52E4B0A3CF576C6EE

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:02BQptmyntdwTiim3Ki1ujuQO5PVdX6mB90g+Wiczr31oqRKvvXlxhx3N59UWdID:0qQXmGkTir3VoWPVdXD7EcnkVl3N59UZ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
Entropy:
7.9014

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freesoundrecorder.exe has been seen being distributed by the following 2 URLs.