hdsetup.exe

Gomeha

OOO ELEKTRO-KOD

The application hdsetup.exe, "Gomeha Setup" by OOO ELEKTRO-KOD, has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners. The single detection is a heuristic one (PUP.InstallCore), so read the verdict as an indicator of software bundling rather than as proof of malicious code. The program is an Inno Setup installer that uses the InstallCore engine, which may bundle additional software offers such as toolbars and browser extensions. The file has been seen being downloaded from www.deliveryconecptranch.com.
Publisher:
Cobopuh (signed by OOO ELEKTRO-KOD)

Product:
Gomeha

Description:
Gomeha Setup

Version:
2.5.3.7

MD5:
eef49361a43e49baeb4a05ef14ecdefd

SHA-1:
06940ec85cb4f1965f858e30293dbdf85d1a864a

SHA-256:
68fcc7b8ca3b7fef3acd34bcd4afbd05e115661e34875c7f353e54ad64e325ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:33:28 AM UTC

Scan engine         Detection              Engine version
Reason Heuristics   PUP.InstallCore (M)    17.3.15.18

File size:
1.2 MB (1,239,416 bytes)

Product version:
5.1

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/14/2016 5:00:00 PM

Valid to:
4/15/2017 4:59:59 PM (the certificate had expired years before the 2024 analysis; whether the signature still verifies depends on whether it carries a countersignature timestamp, which this report does not state)

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM (a fixed value that the Borland/Delphi linker, which Inno Setup binaries are built with, writes into every image; it is not the real build time)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9846 (close to the 8.0 maximum: most of the 1.2 MB file is the compressed Inno Setup payload, which is expected for an installer and is not by itself evidence of a separate packer)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
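The header fields above can be reproduced from a local copy of the sample. The following script is an added example written for this page, not code from Reason Core Security or from the installer's publisher: it hashes a file and compares the digests against the values in this report, measures byte entropy, and parses the PE32 headers to recover the compile timestamp, linker version, OS version, entry address, code size and subsystem, flagging the fixed Borland/Delphi timestamp. Function names (file_hashes, pe_metadata, triage, build_sample_pe) are this example's own; the stand-in PE it builds when no path is given is constructed to mirror the report's header values and does not reproduce hdsetup.exe or its hashes.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Hashes published in the report above; a local copy of the sample should match all three.
REPORTED = {
    "md5": "eef49361a43e49baeb4a05ef14ecdefd",
    "sha1": "06940ec85cb4f1965f858e30293dbdf85d1a864a",
    "sha256": "68fcc7b8ca3b7fef3acd34bcd4afbd05e115661e34875c7f353e54ad64e325ae",
}

# Borland/Delphi linkers (used by Inno Setup) write a constant COFF TimeDateStamp
# of 0x2A425E19 = 1992-06-19 22:22:17 UTC instead of the real build time.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; values near 8 mean compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_metadata(data: bytes) -> dict:
    """Read the PE header fields a scanner report shows (PE32 images only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                       # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # OperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]        # Subsystem
    return {
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_is_delphi_constant": timestamp == DELPHI_FIXED_TIMESTAMP,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "entry_address": f"0x{entry_rva:X}",
        "code_size": size_of_code,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def triage(data: bytes, reported: dict = REPORTED) -> dict:
    """Does the local file match the report, and what do its headers say?"""
    h = file_hashes(data)
    return {
        "hashes": h,
        "matches_report": all(h[k] == v for k, v in reported.items()),
        "entropy": round(shannon_entropy(data), 4),
        "pe": pe_metadata(data),
    }


def build_sample_pe(timestamp: int = DELPHI_FIXED_TIMESTAMP) -> bytes:
    """Constructed stand-in: a header-only PE32 carrying the report's header values."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 40448)           # PE32, linker 2.25, code size
    struct.pack_into("<I", opt, 16, 0xA5F8)                         # entry address
    struct.pack_into("<HH", opt, 40, 1, 0)                          # OS version 1.0
    struct.pack_into("<H", opt, 68, 2)                              # Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it with the path of a quarantined copy to confirm the digests match the report before trusting any other field; on the constructed stand-in, matches_report is False and the timestamp flag is True, which is exactly the pattern to expect from an Inno Setup build.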

The file hdsetup.exe has been seen being distributed by the following URL.

http://www.deliveryconecptranch.com/rfpgYUsaHZWDlWJ8R8Hzng_PvRvU USynx 4CMdpXAa6ZpYxXNMeoSwwaCKONd6q6W6m7EWmDsrcBEXf1DoDGsRhlFhJB1lYZSJe4xKCwcB3HurI7BnV3NOWcaYsz6OR9iXDzR0FiCZUppFCkZwv974rIhxNCtjRn3xw7H4_3x dwjYVfc3uwWgS7Bzoe3cnTz HjbvnzyJbGs4iJ4rX4swXx wM6PnVMh_ifF_Wb JduZrVeWWmkdGrndloveolM VuBteCm9 tHM3fNjhB5IX8JYac9A4_YUDAWV3ybj9 Rc1D4ySHnCaKb jlt_6fSjkvwH4S5jbeMWVnbiqQmtrNLmi1oyA7ag8kjyVItBeXp6iNQa zXrzIV202pR1Llgkl9r9XLIKlPKOhhkx5FgxgxPTqIiGrNQlEE0JCbXzbhTiEdaNqjSSA3e5mFTqFMgsWbsQu9q0vPfWXxJLpwYiQ1h2uyLbRZAunUgXWWnaQ7AKNm2G7bIzzTfa_ATIowc9QQI97ILcKBnr3wOYvREHVklaGKl1WZJ7tkHcWLmHAXHn4VNIGSBP ONBNFAM8TdpOzi5FZ62dK2RQhlO32WuQvmu2dsVhvl8ySiowl2CRNHqSu9l6GZ148mpw0bVjBgqQh8rbqPodbhN_S9_6gbhAzXBDdFpSzp9nAgGlpGgl90EO53DPQe3cTCHMul5Le4IfYWcbHgAa5Dc6wXH1cYr3czxqBDgO3hUT1pm l9W_O4hHZ2OUmYF09aF_8LeHe2DWIfZr LMbn5yrEY5dXIesAkBAcSyBcCNP6jiv3EWhVXqYGGsIzKVGgVdESyerevF3XI3af6RfWI_E19TXwcsqzqPxfWvwug4hFy6HTfoqvIbkvTHcOu40yuR WvBuOFxiyuu8NKZjetkMVw1L74CvNbjXb H7xmLvCmRb17jCZRSYvcEiN8Mw6etGwmg1iBVK

Remove hdsetup.exe - Powered by Reason Core Security