hdsetup.exe

Sac

OOO ELEKTRO-KOD

The application hdsetup.exe, “Sac Setup ” by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.laboratoryclearworld.com.
Publisher:
Gepap   (signed by OOO ELEKTRO-KOD)

Product:
Sac

Description:
Sac Setup

MD5:
4b61b0e45d360ca6e94f3cfe0ac56a23

SHA-1:
f20cc2ac00cb500301da499577c6bad2622f1afa

SHA-256:
63acff6031319c0e62ec4a3f4705617f6508df1481efbccc8f8547f612e90454

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:51:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.15.19

File size:
1.3 MB (1,325,384 bytes)

Product version:
2.5.1

Copyright:
Soft

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/15/2016 7:00:00 AM

Valid to:
4/16/2017 6:59:59 AM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9854

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdsetup.exe has been seen being distributed by the following URL.

http://www.laboratoryclearworld.com/QaWFdE6UhC4Fx5x95rE92W3lDJaaoCXdjF1IOYxNbbxSeBOtAXt9OVmpBTQjd rbZrYfvMMqZKY5QB872oMXAE3Mz2Exh5umcTvx2SYEIfnoANkkwxiuKi5hnM52ff_b1OTmwIqUh4HrM0jY2pc7cEKRWKeIsN745MvFV2_BzkzV5LYl5H5N _4UNvPn1knv_nYpgsIw9T0boR9tDzWKBmtZE6lpaDGINxEB3koP1 wiijjWVM6EzfC3ezVDGbHgX8_GRtufz25mdOy7qnVd79lavbb xWsv_09NkCieeMCcrhbBA2hBY8jL9z8UveW1xfnKesrN2viduLQ7bg0EP4PYOzcj5dQhZxDEpedmB2gN4LKMMCYHZCS2i6sGgVb1zYQa9dQ6qNPlfbAcs3ND8rb7XbYktcOiUjWB_iLeVCsNtMXgBV_v zooOw_WSg8dxlAarosB8F4a4nmw1DFdP hz3P9kRBnjGVo6YzsCGtGvJTL9 n0phiFl2ztfWiGol0yADXy85ZzaN6lOWlKg6WngO1uIycNHNPh37aW4mOlAPupKYxQAgOhbAezKEH1tIqMImTHF_EapCL1HnocvBEF4R7saqvoR4eNeYmItaQkhn3NueYUZxa8Vf PXiSCYEeMqUWNmazmfi3fPeCFo6OYhz3dIwrssq 1HIC8AKNDRMXtMQKJ7WNVOvzc_EtdYaCvzrny2AHEjDmcsvoAj2r4aPn1Jmhfnb8QkqZk_yf2hvPDW8jKfHPcq7rUfEMH3llR7qyoinRLVkvXN5h2ZvzRqD5Tgr2Ze7LwUuAedA2Nvg8RN vy8cm0Injcc1Ql2vklBSBBbjB6G3LApbi6GwTkNtzn_WQByjiVoFfouBOf 7S1ccRKuLlKvyGaY0Fj9xq5Dx3P5QKtlvMKDMFhqfhAHox4aLVkhMXFX3OkL1Xnn3fMPq7MwZciap17xaIDzl2Zv

Remove hdsetup.exe - Powered by Reason Core Security