hdsetup.exe

Gomeha

OOO ELEKTRO-KOD

The application hdsetup.exe, “Gomeha Setup” by OOO ELEKTRO-KOD, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.deliveryconecptranch.com.
Publisher:
Cobopuh (signed by OOO ELEKTRO-KOD)

Product:
Gomeha

Description:
Gomeha Setup

Version:
2.5.3.7

MD5:
13ade538ac11ca08f575190429e294af

SHA-1:
a0627a73927d69d25821af5a6762c2b2ef2d4aeb

SHA-256:
67bfdea129eb4231a3e3b564a4e4d819d398603a89028ef4dcd7cd847bdcc869

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 8:09:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.2

File size:
1.2 MB (1,239,416 bytes)

Product version:
5.1

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/15/2016 2:00:00 AM

Valid to:
4/16/2017 1:59:59 AM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9846

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdsetup.exe has been seen being distributed by the following URL.

http://www.deliveryconecptranch.com/q5l1_gTKOgYHcwOyAHnriDEOIqNTK3mjZk5fA62aTpJaLgC9 OM3Euka054QMamOTZk7cQUaqnyFl32PJjBR7get1JhCfnyN_N2y2Cr2HlZDOlYgnAER0xcM9WT0tdmnQ24LqOJQlOhHILbjyDmxkZ5dYfLDMXU07M6172jQtK17CgiMPv2rBfeIv7_gIkZFXwkrkw6UcWqiBjwSCNB4Lm2S3ynxDTtesMhZ 8oYOV2Kwwi5Z4OHU3qdzcO3kEcwdjl4GQx9dWHtoxLO3 WKROcCqeYzfBU6zImOm_FIaUiMLU8N9KOHmYKF7UMEgA 6S4yDX7LoQ9NMBlod9jg1gHrh2dfXC5CTDweccwy bgAVjTt3E8ZgQPJlsqT_5ZHLxBZUeSTgeMWfQQ5bXF1anzGJs1T1RgDIK1_uDFNF4KVeqY1tzMeSd0aLVA53rw5WpXD41Fp2sfGdzmQKjXBvJNRc5 L7TxAARjnauGVoQU1Wxz61mDKfCJekuCn591ygoa6pSp4VEbJHPBHAVRrqO6fD1GgXaIoFjZq0FpExoaijSS tt7vSavwBKXaaC2rMzZMG w _6KkxSGCLmLeQ4O_VbbGlEfDgh21_vU1 O0W9J4wxxxmmtw1tVPCNj0DFLHaj4y5Wx0H6fMuWS3Z6qePpWBboXnSLlFZyyH4V0LoghIQfhFzKFneByS2ffDgNpqOERn6BMnlbDmc5fAGa g8_RMwpCVFiUz9PYB7HmutXGvE125iMQFqjUdIulhbTn qBWPAyPX3JKtvgt1lG4AwdrBab4KmWSH75cVGTAML_oHxLXvecdyUYFd pcLiId9arQ7gQJ_T5ATDZFHZjRVYqTm64MPpHiPIfawl78EVLn46NeUInt5xGbeSK31t8MzKDMqJC_82HYvkMwNOJLoJ2j2HxbfOxeooIfdkDUa6NinzGmrKNWTRAMhHwy9LZ4zUp

Remove hdsetup.exe - Powered by Reason Core Security