» freesoundrecorder.exe
Overview
Analysis
File Details
Downloads (1)

freesoundrecorder.exe

Nopumalifo

Purek

The executable freesoundrecorder.exe, “Nopumalifo Setup ” has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.funtourbundle.com.

File name:

Publisher:

Purek

Product:

Nopumalifo

Description:

Nopumalifo Setup

Version:

1.4.2.6

MD5:

a60dc7900ff1093092700de506790144

SHA-1:

e7eef4dedfbd7bb4f1a80d4df4ea2c234ed9f123

SHA-256:

5f89af43e5f511ae1f53b09dba5e7eba624ab21c15bb06e51940b8ff33d84c70

Scanner detections:

5 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

1/13/2025 4:25:18 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Win32/Sality

2015.0.4604

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Norman

Win32.Sality.3

28.05.2016 13:03:37

File size:

978.5 KB (1,001,976 bytes)

Product version:

2.0.9

Fast Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\freesoundrecorder.exe

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:EtiJWODiGXIAR5v3nWi+dZKEUQq3p9UdRC+8Y4:EEgSbXV/t+dZKEVq5b+81

Entry address:

0xA5F8

Entry point:

60, 14, 06, 0F, B6, CD, 69, C1, C6, B1, 48, 48, C7, C6, 0A, DA, ED, C2, 88, D1, B7, 26, FE, C7, F7, C2, 95, E6, 11, 54, F6, C1, E4, 13, FE, 86, E6, 8D, 2D, D7, 11, 00, 00, 8B, CD, 8D, 1D, 79, AB, 9D, D0, F6, C4, 05, 8A, D1, 6B, DB, 00, EB, 0D, BA, 42, 70, 8E, 70, 18, CA, 69, FB, 90, EF, 36, 43, 0F, B6, F1, 3C, 86, 8D, 3D, EB, BA, F9, 79, 81, C3, 01, 00, 00, 00, F6, C5, 4A, 69, ED, EA, 0C, 6C, 3D, 39, F7, 69, C5, C2, 5F, 28, D9, C7, C0, D7, 63, 6F, 1A, 0F, BE, EE, 89, DF, 86, D0, 81, FB, EB, 00, 00, 00, 0F... 
[+]

Entropy:

7.9424 (probably packed)

Code size:

39.5 KB (40,448 bytes)

The file freesoundrecorder.exe has been seen being distributed by the following URL.

http://www.funtourbundle.com/ixLkyE8DqDlN1ma1_Ogno5hsf36YkwPVfYTLv8vV7u2tjg 0LZky3TAHX144p5cvKUyWs3rd0BJk2o2BljDl7AX3m7vAOR_BVpCtRx2MUAnbAp LvG_2ulMzmYrHdGR6Iknu59wiScK86Rg2GtK63DuqniAXH268PJI469T8IQd60gWRZMZF4Vxs4Sb4xq2x1Tyt4axlTZYNRY1EQBi2najhYQKziJgQSeVfXfzXxjRcLK0LqqJp4Q5k34R9M0PUPAY6_X5cO5ZpmncpQ2mJ4X6sOA1f0S aj2MYKgbG2yF8BbOxXwRP1Dx6RtwuK0Dyb8BbS_sPP720cDYNEKKCqwyaKhwsJq1HlifTV0gpUVCW2nqlSKLPx _epuKQAyZoXEsvUfhDD16e6RfWGENTaJT97EDVmuHCcdQ6Gk2JyrSeQXdRT5pyKp7pmn6Gzdp7KBce82T0WRe6SEln7rRjtHQQv5Ueiw==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

Remove freesoundrecorder.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.