hdsetup.exe

Gomeha

OOO ELEKTRO-KOD

The application hdsetup.exe, “Gomeha Setup” by OOO ELEKTRO-KOD, has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. The program is an Inno Setup installer that uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.deliveryconecptranch.com.
Publisher:
Cobopuh (signed by OOO ELEKTRO-KOD)

Product:
Gomeha

Description:
Gomeha Setup

Version:
2.5.3.7

MD5:
3d22b2fb07ec452eb549d9a4969e4828

SHA-1:
71f8def80de2882db4c2e9f56b8a193c97f9e585

SHA-256:
5795600c127dbab6ccb238bec1e50e62d39593cd063cd9834d4ea28cdb44a85e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include browser extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:15:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.11

File size:
1.2 MB (1,239,416 bytes)

Product version:
5.1

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Signed by:
OOO ELEKTRO-KOD
Authority:
COMODO CA Limited

Valid from:
4/15/2016 7:00:00 AM

Valid to:
4/16/2017 6:59:59 AM (already expired at the analysis date; an Authenticode signature made with an expired certificate still verifies only if it carries a trusted countersignature timestamp from within this validity window)

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM (not a real build date: Delphi-built binaries, Inno Setup among them, carry the linker's fixed TimeDateStamp 0x2A425E19, i.e. 19 June 1992 22:22:17 UTC, rendered here in a local time zone)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9846 (close to the 8.0 maximum, as expected for an Inno Setup file whose compressed payload dominates the image)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
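The metadata above is what an analyst reads off the PE header without running the file, and two of its values need interpretation: the 1992 compilation timestamp is the fixed Delphi linker constant rather than a build date, and an entropy near 8.0 is what a compressed installer payload looks like. The Python script below is an added example, not Reason Core Security's tooling or anything shipped with the file; it parses those fields from a PE image, applies both checks, and compares the entry-point bytes against the prologue listed above. Because the real hdsetup.exe is not available here, it builds a constructed PE32 in memory whose header values (linker 2.25, entry address 0xA5F8, code size 40,448 bytes, OS version 1.0) are copied from this page and whose section contents are deterministic filler; the function names, the 7.5 entropy threshold and the constructed layout are the example's own assumptions.

```python
"""Offline PE triage of the fields in the 'File PE Metadata' block.

Added example: builds a constructed PE32 image in memory (no real sample is
read), then extracts what a triage analyst checks: COFF TimeDateStamp, linker
version, entry-point RVA and its first bytes, and Shannon entropy.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Borland Delphi's linker stamps every binary with this fixed TimeDateStamp
# (19 June 1992 22:22:17 UTC). Inno Setup is built with Delphi, so a 1992
# date on an installer fingerprints the toolchain; it is not a build date.
DELPHI_TIMESTAMP = 0x2A425E19

# First entry-point bytes listed on the page: the Delphi prologue
# push ebp / mov ebp,esp / add esp,-3Ch / push ebx / push esi / push edi
PAGE_ENTRY_PROLOGUE = bytes.fromhex("558BEC83C4C4535657")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0; values near 8 mean compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_triage(image: bytes) -> dict:
    """Parse PE headers from `image` and return the triage-relevant fields."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", image, opt)
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)
    # Walk the section table to map the entry RVA to a file offset.
    sections = opt + opt_size
    entry_bytes = b""
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, sections + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = rawptr + (entry_rva - va)
            entry_bytes = image[off:off + len(PAGE_ENTRY_PROLOGUE)]
            break
    entropy = shannon_entropy(image)
    return {
        "machine": hex(machine),
        "pe32": magic == 0x10B,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_fixed_timestamp": stamp == DELPHI_TIMESTAMP,
        "entry_rva": entry_rva,
        "entry_matches_page_prologue": entry_bytes == PAGE_ENTRY_PROLOGUE,
        "entropy": round(entropy, 4),
        "likely_packed_or_compressed": entropy > 7.5,  # heuristic threshold (assumption)
    }


def build_sample_pe() -> bytes:
    """Constructed sample whose header fields mirror the page's metadata.

    The single .text section holds deterministic pseudo-random filler (SHA-256
    of a counter) standing in for an installer's compressed payload, with the
    page's entry prologue planted at the entry RVA. No hdsetup.exe bytes are used.
    """
    text_va, text_ptr, text_size = 0x1000, 0x400, 40448      # 40448 = page's code size
    entry_rva = 0xA5F8                                        # page's entry address
    filler = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                      for i in range(text_size // 32))
    text = bytearray(filler)
    off = entry_rva - text_va
    text[off:off + len(PAGE_ENTRY_PROLOGUE)] = PAGE_ENTRY_PROLOGUE

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x0102)
    # Optional header: PE32 magic, linker 2.25, sizes, entry RVA, bases, alignments, OS 1.0
    opt = struct.pack("<HBBIIIIII", 0x10B, 2, 25, text_size, 0, 0, entry_rva, text_va, 0)
    opt += struct.pack("<IIIHH", 0x400000, 0x1000, 0x200, 1, 0)
    opt = opt.ljust(0xE0, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va, text_size, text_ptr,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(text_ptr, b"\0")
    return headers + bytes(text)


if __name__ == "__main__":
    for key, value in pe_triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run as-is it prints the triage dictionary for the constructed sample. To triage a real file, pass the bytes of the file to pe_triage and treat a matching DELPHI_TIMESTAMP together with linker version 2.25 as a Delphi/Inno Setup toolchain fingerprint, not as evidence of malicious intent on its own; the InstallCore verdict on this page comes from the scanner's own heuristics, which this script does not reproduce.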

The file hdsetup.exe has been seen being distributed from the following URL.

http://www.deliveryconecptranch.com/NI7Nfi8V9ON5cSYIiLC3gvfHpAFDLuBy7ZitvSCBZ 6T0b bx9uAfkvMCzZUYKWiUJ37PjO1_9jgnwvih0qRSjLRUhWAvO9xkgCvT_IPHjzswiFX3zjFTt_U8ycnPxr6m7x4_Rteji8e6APKDO0y4JgI6PNeQ8uvSfHjbS_GPHn6gXS8_E_lVe1UfYUR8Kst1CKD8GZusGnMZqHSldcluUSp__RvAb4l8UZ3c5iyjO0ZvmLSiMYLoWZdRGgrUkZD4mNiNGzfD8_Xfg1RBY1vkfyTSotrsoPYve7sERxglqEVgQq z9madaDA5i38aoxkfHs_UQ7hUMwhqjFJssZjs7JczGJdVclkVDqqBLpBK6NKRGzMZsZzR9b7r5YOTHXVyJL74AedL_iWttqPrEPR TM0mKLTdmjDUww3K1_1U1iZzecT5jI_SlSgewZvZvJpuEvQ_YEm27Ofwmt6AvpyJgC_rY7ViGJupoyaTVf1sXiLot_LTfcVNnFP3BOYPhPkt_SMRpNSbm9 GxNkgKI1b_NCLloo9OmbORQi4jIVeDr5mrVBX_8I5mv3_AT7t5rUKyIzCBqJMKMhykTA8 LW6ui APEs43OhbsogAoBBYqPpD90fNfx jQ8ZtK SG20kDOk74pv4uaUacL1gSxoTv1p iqVJXseXnYr1SC_ Uy MLCoZMeny9qahiPDvyokapZjc__YYgcy7kt_c5pHQHf2LuE48EeanHeD78O MBbiRI5m AtqzHcW ljr92JOUhS40Qo4TlCZ4lql00bcjuEKv7q6gnl7uPG37ABB J9LKlO53JJM6Szr1GcX5_Ir5kn_aDs87sYgGaR 8JteBSmWlZdIlDlPbAy0URVLU0YHDWctUz7vg8uRrbNUGYQrwICnd2Daqb6oVRkGOOBSBPOcB989AjxLeUXBdUE6sN4T26sH J7mxyLubZ1rF6w9wWcRH

Powered by Reason Core Security