hdsetup.exe

Gomeha

OOO ELEKTRO-KOD

The application hdsetup.exe, “Gomeha Setup” by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.deliveryconecptranch.com.
Publisher:
Cobopuh (signed by OOO ELEKTRO-KOD)

Product:
Gomeha

Description:
Gomeha Setup

Version:
2.5.3.7

MD5:
38f8a99b8ec9b27773b9bcdb5c93fbbe

SHA-1:
8d9d8ea84fcb079f624e17844560a1e25925a601

SHA-256:
d9c39790a7bb4d23526ce11de5c97c3752b169c575016514af10cbf3481712a2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:51:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.7

File size:
1.2 MB (1,239,416 bytes)

Product version:
5.1

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/14/2016 12:00:00 PM

Valid to:
4/15/2017 11:59:59 AM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9846

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdsetup.exe has been seen being distributed by the following URL.


Remove hdsetup.exe - Powered by Reason Core Security