» freesoundrecorder.exe
Overview
Analysis
File Details
Downloads (17)
Network (2)

freesoundrecorder.exe

My Program

Tsingsoft Imagination Information Technology Co., Ltd

The software installer may bundle adware as well as other potentially unwanted software using a download manager/installer from ClientConnect or OpenCandy. The application freesoundrecorder.exe, “My Program Setup ” by Tsingsoft Imagination Information Technology Co. has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

Publisher:

Tsingsoft Imagination Information Technology Co., Ltd (signed and verified)

Product:

My Program

Description:

My Program Setup

MD5:

5cfbf739ab64809f21304e3128b20a4e

SHA-1:

c6444a3aff80ad4389e72aa48daf8caffb0651aa

SHA-256:

5dc4dfe52c50c0053f664b818e3f60443455d448d14380c7eb9de8fcda83d64b

Scanner detections:

11 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/16/2024 3:48:30 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen9

7.11.188.220

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.1588

ESET NOD32

Win32/InstallCore.PY (variant)

9.10781

Fortinet FortiGate

Riskware/InstallCore

5/11/2015

herdProtect (fuzzy)

variant of ocrfree advanced.exe

2015.8.8.16

McAfee

Trojan.Artemis!5CFBF739AB64

17.6.569.0

Qihoo 360 Security

Win32/Virus.Adware.f22

1.0.0.1015

Rising Antivirus

PE:Trojan.Win32.Generic.1722337F!388117375

23.00.65.15509

Sophos

Generic PUA KP

4.98

Trend Micro House Call

Suspicious_GEN.F47V0813

7.2.220

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

3.12.26.3

File size:

667.9 KB (683,896 bytes)

Product version:

1.5

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\freesoundrecorder.exe

Digital Signature

Signed by:

Tsingsoft Imagination Information Technology Co., Ltd

Authority:

GlobalSign nv-sa

Valid from:

9/21/2011 11:12:19 AM

Valid to:

9/21/2014 11:12:19 AM

Subject:

CN="Tsingsoft Imagination Information Technology Co., Ltd", O="Tsingsoft Imagination Information Technology Co., Ltd", L=北京, S=北京, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11211887AD441BA7E15E9131AAA0DEF9248A

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:+tDFacRL8OkN/9084AiE7GYFc7pinWoLe+WZjrZFuQyEEGiRX+papbMt40H8afVW:+tDFpxY9VHNFgAW2e5vzElMpY0H8wVN8

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.8862

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file freesoundrecorder.exe has been seen being distributed by the following 17 URLs.

http://dw.uptodown.com/dwn/YhzNC47AIMInAYUbq3AsSBgSSO5QWrE9-Tc7gDIzaml7AZi-vIX_GKKf6NMxy0FG9W5r-gegIJxSDlxUlJEYLQosBKvKSPQvxLYXH84ZkCp1FymbzTzkYl0Ia4Hn6ovf/12N0vPR6bRQHhMBFGT9ZSuC78T4e0IEVTEZAR5IhMSk3rXilOciQ90VyGfMBSzKZBoRvof2KhzT2EeAglAwHRbWmoofhtdCE5Y3eThM8KYeVvIdD_nYmrRawml0AhQzW/U3y8-e1en0cKId-KJSQzvhLddDpOTrY8tz9hnBLWgtdSOq02stUkRa9zS5-abE-AK6Ncz9WxnGyR4qyuxqK_mnXFAv9I_lJFf5CA5YtbWVE-IbDz4bTeVRbApNOZjCd4/.../

http://dw.uptodown.com/dwn/V0g3UhS9tjANj_Yjyg87EV63XhjBFwp2V8up6xW86BS6_u1rBZOoeRWzXYgAeBMpUkDhf7ZflMZyKFel6DlfVnJM2YykZ9Bdo-KfztvCOdv1ip3s9Y2U1976HQyD-bcd/nl8kM3OgLJfr9K3Pxsmk4j5Ps_HiB8f9_S2a-M8xGNztnEUllFh1rf_o7muaFzlR651LwZDvtpTtj2iJzHGBxuVHalLEjFxAKE2-PqUq3OgDl4hV2grR0ZfUBo1WslSy/nVJoz4OMAKWvMuGu8ocOYbIl5o8x3Qjp9Ti87UlNLU_Q-1ftG2wpMple7tdoruLDxlVbZ1msTeXtb7N84B6mij701NMvKgO3LhcprRQ8h9xOhS3Q0lq3Snuyh_3TYVQL/.../

http://dw.uptodown.com/dwn/XP_TuZ37S_8yqzjBpO7yk6evJfEGYbnAi5vJBDxkR_h_IhziZybiHh7RGG2F44383pfkENiRkIwJeGstjg7GVei6Bb_B-huUr0ruOGDezMkpUJOYxUbhUzf2XhKs0tFo/uHphqLvhxsozBYCiQ4xCg2s_LWP3mlHDZK0GNVxkIODvdcU3QcGoa-c8kj3OnMtOp-bkJg_hwcfBOkh-sstQWbWIw2o8B51mSpVF2F_kKK_lumaInj9F5qfsKTxhKRwS/MWiLpwqXSqSI53AHszxCspmPDhBNz9_4TTMbcyyGCN8nqH_fylH3MerM0YBxMraAJCWKG59R-3jCRSc6Ln4OUXlG08TEgJfxL2WhOUsSQVFQleUzmPEVirleVzHUwYoB/.../

https://dw.uptodown.com/dwn/YC9bjWfE0OwQ11ZzJxX2W_ETeaYGT6ShC-VP55jLmJaaITf9pX2_kWXZpLWaA4RwumRShj3BuYC102QZbRSJWttCEsFpY9TTOBS7GYIUYomrL7KYeLW4T8Qmxof_VzNd/NGHbC_o32_LHe34PPne1vfRFMnSht-SGIJz_GqbpfKotE8wL8eAthmnjFJam8jpMEel_ZbCb3K-i2HXr8M4RCxhDqRaIvyaNcQ2KcgCyIVqoYd854-wvz10mU_HPrc2w/SUbphW3zk_qNutKPjHuZyOZIBG13UXab77xkjGN3YaGM_1GqQSqwcfVl_BgI_5hUwuYzOFJcLDftLVe0-eNk3Izu46dk__lSUfnMXR9bLGP0sbyB5dHk7Zazdwv7Prjx/.../

http://dw.uptodown.com/dwn/D3iRXegUTboEwTiBHBbE4R72EiedOvvTEPkP2u8YVLneoMD2ZRq_eZ0Tikmc1yQ3FAUIjGHXcLEY2y1jAVIof2W2Va6JWoja-J7JFMx6-XGqFtdzL23HwzvaOILuTg4D/4K6CJT3BTh6tcFNrWnC0tpnceS9bdFP7zNNS7OGxzAtJCpRVOqLkfOMgkwfft0YQqABQ7A6KBFUokxm9tXO1K_vkKWl2GkY2eIim2wGaBdtUJMJ_O6V7m0j91nZSlTXK/GLMYvxS_Sw8OEmpGxzYRyR-1A5cEXBauBSXmugX5CWnrf_S-mobuR4lK4V9kgMN2NiIdACB92ReS4YPrg5fJSCPMWXtbYv-gvlQUwFYutO360xDsewzYzlA1an2pUGCq/.../

http://www.tamindir.com/indir/MjAxNC0wOC0xMSAxMjoxNToyMA==/free-sound-recorder/.../9.7.7

http://dw.uptodown.com/dwn/GCNqCOr-x0y-NYTeCIetTuAkb6SDdluRZVajBhfy-0EmMActhBNcZYS3ts-tlW1QSjL-dULQ56Q_8noZyO55g2Y7DdHFgvdKXsLbpK6ylwvHZfClWaHJebLEwBDHO5JK/L7J8yDKfHjSm-Pbs1tK1uWuITBkaGHjpfWyclHWNhQhNp9e0jyudKryBwOA4LSPj70TBW2puobcl3gNbPfilBBGAwxT6Ct0ZB5PToZiW2OHZCjamSQ0FCFpSgYH6d7sh/jJ5ZOnFWu1bW3vdeGnTKM7wgOznFnbTyKRB_TammT4XWXkEnj6dUoX7U5_StWoWH6T3OWJxafMA1L24Xdn82u7U2ENoxK2abNEytAVkwSQcWZBK8I1eb5uBZ4SskAXgZ/.../

http://dw2.uptodown.com/dwn/66lfJB8uX8w5dsRmHCs7sgeQWbFsoEG5v8v2dmE3ZyVSzkNEy4DDe9I173eTae4VPSwxCYV6TZj6X7fiJacrQ2LXO32BhfRXjGaH2EQ_VszcXnwh1bqcHYSq15Py7JLu/i-DELaO2_S75xHvejuvkFQJDPhPIYcdnzjAD5PNCNysW2tJdRzs4Sp1hRsM1WosE1xJCRveid1wu5Qu2o8523CywcYDWxgGpbBFNa7e_9fxGjl3f2vkim7Aq63o89903/uVXXSxb8vM8AFEG0qc7yQR9nyyhabovMBdpQy6DbA_mqnu6eppyxh7-Iy-vBI_U6xDM_cvhGbGjOwK-rIil4It8rEgzFpvyqt2ZAVCVHsowaKI3Y353AUOlU-8h8joRk/.../free-sound-recorder-10-0-2-en-win.exe

https://dw.uptodown.com/dwn/BqyB59Md7xau2-VSyCXNtj0MAbPb4QYxg1XBapvWShSaRVLhDGsPEsiejwgEn8kLlPQp2AyLyhkWakrXoW2D_NbQoX7OwmD9J2uJCStRUgymbWcSIjZAbZIRHTqe02KJ/oy-5fJ3mIbivrBabXES97WP8IwOxIgqjkmrzmhlCTRaW0kbhBTTJAe2RzmAAsUbEmb3fu_j5xro9HydKbhdDged2JeUXznKpcju5r1A3SFc5M7K4ee7OZEfvM7l-aeme/vQ8wngEhW9_txXV4VL1EcDrCZne_OPsXmzuA3yN51UWsuR82vee2tTfy4Z02mpw5lKgZWUZ2xN7YPHNWEffikv4M2oTzdLmMGNMOuuct0RSHp0_SNOKf0zd8A-4LwkrQ/.../

http://dw.uptodown.com/dwn/HuUtlnc3lnd6rOQHd-Wz8h9AnFPZ8zZqjYYUKAGra_eMCPvdgxVprAhRLPJnRIfisM_nfsDxhEb4cdo37MKIX3hEu3UQFBF43JUQ9x83n2G8SlXIXIHO9EHMMZ_Fo_ZW/HxJCoTzkHRZcVC92MDt6WTXOML3zolHnNcLJTLnMCsQpL0ZP12C97LM5WXV5crtyyxPQkexfoUdioje9vH1TEXuc3i_V1ZEvCv39jImI5pYvKTbRD1R2sZY9dG4zNagh/Rm9_nsaAvA2gi7EmQ_WLYTLvICgPDFCev3I8TcsCTG2e-C9dlL55iuuYVYCPOo2jHzYhUXRPfglDMh02-GQ9r8N-FdviTi-o1R8zyoYDh_A6VasvpIa3VxtxNfDWdvZL/.../

https://dw.uptodown.com/dwn/M-ex937Zd5T9achj_BHngOdwJT1WttmECQfwsw0Dw3yyluFEAGRiwyRg_muV1u6dGMBt3e0ySqMslmBCakBe-VJnQywjvOARVhfzj63VvpydxHJ4Wn_HpxbxoxpHI1cX/syUYlC-2-TtuJMfUfduLts9xOYhjHnnv6sWqfStXmn1HShevtxa_GgZr4iw5nWN3LSDCP59kQTAfPnte6Wyx-0ZzB3LwveXM8d90lOy2VCj82kmX-NBnj1cq2tb9TgHp/JwdqZ0GsPUca37JG8ukOkryUvFdaCSX5EHj1qorpyj_rpiIQ3rqH7Yi1-sVZh3lvVl5e5y8pOeb6A4x_gOfZccaXIHYQZrnTSZzAs_iak2020hlbFwnkT_rf7MtvGCnw/.../

http://dw.uptodown.com/dwn/xs2SFs72iWclW5RFZLVW7e0Fz-iVHUuHQRDUM4lEzLlOSUl6gYzZsdC8z8oEzlUEK2OS6cQQhvKUvNTt92L5DyNVJNGC9FqmLsWiT-fFYmAMagD-ICd4u9x9QbtDfdzn/6eLcqQsKSio8Sz1Z5qbepg9avvatA8B95VjUQsC1Y_PENWVww1FxwIzFS5s2CXEhh_1mLTH4W6ko590CydKTz2X61yWiSb5h5HZ1d73Z_x7hUvKau0SAml6c344urIcM/OkX1NBqiJ3H-etlRU-Xq37nld0ADdgkWEGGtHmOSvR5YbQwwXyjpvKpKNtTI8-UQErUkGXIgbW3Rd_avTAdtXqLCr8E9-P7BI0TiFe8s2BfSHhAnvY-u7tQkflkqCIJ3/.../

https://dw.uptodown.com/dwn/nB3Rr-7gaTBRlXnFXwR9pKQjvR3JmaCsvgVveBW4Mt_ByYLFFlTA_yrGUzk30GnbJLcahPVrSSXq-QNPPNNtI6kK80xFQz6UxqVieVIoAWIbyFBb4J78c1xnP3FiyXQ4/8ojiE6z8B6EgFV_VDo0t1ZwBt4X8GyByJZ74SrEhySfGeYDoLE1pzJ1WD840FvJMTsTWYNVWLMXUA-X-zUW8ycToB86lQoiy9kpR_pQH2ngeH1qkyN_WiER3gWfhrL2k/fZuSWm-hKs5K4d92swpr3YvNIG7lDy10ZOnw9zIw6KRcF7OD9LWCEBOIOawPDpxLbTz84ylQUVfMJl86MRDmEmN4TUp-Mv7zvw5qZ-v9LARC7yTPYPS3br1YDMcNfh8r/.../

https://dw.uptodown.com/dwn/B4wGwK3ATPP8VTMTt_rYdgW0bTnUrH96ft2Rw3QSYvabPD4nTEJXI4TBj3I5vo7lfCTliy4GTUZ56LNqCI_UB7akU7MdbU-reInJBue0EKQ_lXEE6WSKt98EA-P9zA4p/xil1nKL-_fE29o2hjS5SGPHRm8TcbwFeo-B9_DmROP0oyUWo5URC3eoCDrXtQcyUCtHDOjHrG-HoW5ZYzBDtPMUri3iSvIou3ikUlb36MC1mjTOEraJ45CVJUFL0tWPy/8gmcVj8X_1L3PEhCr7CSZ7qgOU5F9reLeTK_WOhxRJM7WeYECtMmA3CLkE2gZERM3EXcHFWWqROVdB-gn-utIAFN7MwVqA8Qt2qkyBhDivyLQMc4-HD8jbnERMiSoMi4/.../

http://dw.uptodown.com/dwn/_NpvcbEVIxPypZhlULsoRRP1rtuDAgI4TwykQoG-yvnRURQF7eUezpgZFNz6rjqFKkV-ty6IMt-l1xQHJsQiumcS4ntctH8tuprjrcZ7yRqeKb0w5A-6garH1umdJ5Wq/tY5nnBE_vF-27xTVY7CSlfn6E6ZKMoS3m1MHjXntLIycBC1hMEO1li9p7Emc5I04c1z7dazvzaM9G92jeZ3ZO9_JnXQoUMN9PvxjKuScA4LfRPjHEAgCDsZlNcvFKI8Z/9iEcnuGdxkX81GGof3SnD1qUIqNFAu8kPL6cq7GkwAj3QMKlUMToLTqd_OY4jtFIxYCKoKb7UCFlLmnMXBPEHUgoodnRY6jr1_Ilp8hwHNlmRxcSLK92_HmcCWdLbgTV/.../

http://www.sound-recorder.biz/FreeSoundRecorder.exe

http://dw.uptodown.com/dl/1434661188/.../free-sound-recorder-10-0-2-en-win.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-52-39-235-174.us-west-2.compute.amazonaws.com (52.39.235.174:80)

TCP (HTTP):

Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com (54.154.109.8:80)

Remove freesoundrecorder.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.