freesoundrecorder.exe

Prog Software

TechEvolve GMBH

The application freesoundrecorder.exe, “Prog Software Setup ” by TechEvolve GMBH has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.sound-recorder.biz.
Publisher:
FreeAudioVideo  (signed by TechEvolve GMBH)

Product:
Prog Software

Description:
Prog Software Setup

Version:
1.0.5.a0.1_32601

MD5:
047683fe0af4f55a1af677b64e605c41

SHA-1:
93d5cc0a06edc84f7de955a6b36668f6e8453448

SHA-256:
a35cd3ad43df801bdc8a256536dd1de093b64d064960521a223b294dd7fde6b4

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 3:31:45 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.200.132

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1523

Comodo Security
ApplicUnwnt
20698

Dr.Web
Trojan.InstallCore.11
9.0.1.034

ESET NOD32
Win32/InstallCore.UP (variant)
9.11007

Fortinet FortiGate
Riskware/InstallCore
2/3/2015

K7 AntiVirus
Unwanted-Program
13.191.14631

Malwarebytes
v2015.02.03.06

McAfee
Artemis!047683FE0AF4
5600.6865

NANO AntiVirus
Riskware.Win32.InstallCore.dmfooy
0.30.0.64448

Norman
InstallCore.CERT
11.20150203

Reason Heuristics
PUP.Optional.Installer
15.2.3.18

Sophos
Generic PUA JD
4.98

Trend Micro House Call
Suspicious_GEN.F47V1231
7.2.34

VIPRE Antivirus
InstallCore
36624

File size:
678.1 KB (694,376 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\freesoundrecorder.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/16/2012 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50FF3D5C361AE9F52E4B0A3CF576C6EE

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TeJp+EMfmlXzzEruSxZy9IUDbhNJgHVoJx0PsaLBcqGGfDhlpFdGhRDnCCBQPaag:TeJU3fQ/ErNxZ+NJgHV6COGLd4OaAu

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freesoundrecorder.exe has been seen being distributed by the following URL.

Remove freesoundrecorder.exe - Powered by Reason Core Security