hdsetup.exe

Sac

OOO ELEKTRO-KOD

The application hdsetup.exe, “Sac Setup ” by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.laboratoryclearworld.com.
Publisher:
Gepap   (signed by OOO ELEKTRO-KOD)

Product:
Sac

Description:
Sac Setup

MD5:
25be56ddf1d6b6eeb4f7695a1520e9f9

SHA-1:
312791463cce4b72f2dd630926ecd39270d9bb0e

SHA-256:
2df2a6a452fa04faa4f373eddf50d277582f49954e379bb4db4188e3a99300b8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 8:39:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.16.7

File size:
1.3 MB (1,325,384 bytes)

Product version:
2.5.1

Copyright:
Soft

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/14/2016 9:00:00 PM

Valid to:
4/15/2017 8:59:59 PM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdsetup.exe has been seen being distributed by the following URL.

http://www.laboratoryclearworld.com/7niAKoPX0Vt5IlKkOS4RHZaUYsV9_EEgZ03Ughzw4HooIXRgHDjsToOXGJ1ghpRLjuicHEjSmMz89Ez40DmIaqxBBdR2V3I5Y_KXLtpmJxwCVw58PHpEui3ievWUxs q57H9w0PgrbCBnrH3Rnpf_2a2llCUarGdUv2ZNB4LajwfTfnukNQrb6GzIQgyEg_El62s4EPnT8BBqHtphI03ii1espdSgvOuqvp9M6OhTpeQOpgDQ_EnSparY9ygqSj7qVt2RCg32Ov0NymPQaF0_utqWu4R hoSi3Wy4DuWRzlroYAqmZNITTcGQLZ1eDNb4XatAxhsyyUfdsYBXQee6GXg_pwqGebmtBH1TXH0OMABUNyj_UEH gRjOoR5U1ikn9NKX19k4T 9Hbb3Q20tTommnUn3WRXxNSbo99fl6EkDBaVSVjupLtySud5rSJs1_ZjStF1BG2AtAUPgsHxqzt9TWhqVMiRgcMBhN0_9IpkJQLI8WRFhykRbf2jZQfyn4QzJFdrZrKWGt2Xm dbZB3PqNrUAUa6hDVnNtnKCZ9OgogbZA2CFk UcDlc2wBVD4MP9kCdxnf4KGqE055eYFZxuyO8SboXHoOXPGRmBKEHd5DiTVfrauHOTFVcSnERUgaueWkaaqWOo0dMsrIeXK1FDrceGCTD_eAsUDjdt_BQqNqloeaFjRGapYu7B4ILdA n0_9tBykd26x5mTp1esW3nD6UIQv0sVczpGskkU9PT5TarNXr3k8VQAa9r9qMzDcYO8E1Ulq0Wtt8QdLpe4 2sapwn5nW5IA0F6zoy_PUQHAACjRPgIPeHmL9ZPY9OX6OJonyF9Ydeg1fxDJ6HQepS DrtgZ79oTyTYgw9P7P1WbmmCM4ify8_d7y356WTAbc3YY_e4lhfZop2qTJ7flTnhvvgzqGhiAtlDXIcGX0luPXgpdzGAFELceTcHnIQa781

Remove hdsetup.exe - Powered by Reason Core Security