hdsetup.exe

Gomeha

OOO ELEKTRO-KOD

The application hdsetup.exe, “Gomeha Setup” by OOO ELEKTRO-KOD, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.deliveryconecptranch.com.
Publisher:
Cobopuh (signed by OOO ELEKTRO-KOD)

Product:
Gomeha

Description:
Gomeha Setup

Version:
2.5.3.7

MD5:
eb12ca44377e776c9f995ed1add29bba

SHA-1:
fadc0bb7fbd3dd1cc30a58147bfccb617cb46ce7

SHA-256:
2b6f5905af1dbcdc969514f48463333381b892a2a920930000815997bdc0675f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 8:08:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.1

File size:
1.2 MB (1,239,416 bytes)

Product version:
5.1

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdsetup.exe

Digital Signature
Signed by:
OOO ELEKTRO-KOD
Authority:
COMODO CA Limited

Valid from:
4/15/2016 2:00:00 AM

Valid to:
4/16/2017 1:59:59 AM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9846

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hdsetup.exe has been seen being distributed by the following URL.

http://www.deliveryconecptranch.com/imFbtX_kFL40Xxuh_eO8hqPWhocK24kEVQUuGEblaLGYg56n5dNs7dJc6DfQQGleOo2JHHe 4ymAKJ7a1cPncHZfzIvcp4Hz6KFz4xLsmuhD6ViEc2GHWKKh551bOHSUoMqbKzNyBRdv13IJqYDhoWQHCKpbNgw70bB3Ppg1rzMagRYiuHblDQrXzi7ZCkdyWg8jTYYjQL98XMdx8FZVqc3RrqNogX4dOL4jl6_fPF6C0nxiizkf p0EV6eb1feVn78G3x_iaY_ft0Hct24tX674LGqwfzs6RtMrtgCfUnLkzJaux17Dc4aiajf7UUhOpRgCtPoV7ZkE69r7VMnPcV9AahlQcnDIMiRqCuQLJxPYz1DEu1nIx2wQwNSJQ3SO_G4wEiy6zQRU9hrqUjTHhUe3qhcG8wrIuhvw67ARsaXWBQbeahLa_ApvodVb6G3jyQUgWanMlJNmZqEyYhWGO0dJku992I63kFgsX3UePg5et5FmrOhtEId8hzW8k4z6XVIOM31vzbiL5XYfvpCRYw8PgBNL0CrtdWVwM5OkX7sDMbM9S23LypG_Td39pflqJwD1Bk6m4dJ1rNbJ0iJQziUh8ijADOZwF_ayEbZd8Zn_ R1lCHnAio43H4axONEjUWDGMFhvsF27z9JgsEtL8uEXDZ5D8EN5dFR_pHGlVCtSSMY9EJ4mE6ODA9TiR4ANuH45IEHveeuQdAjmzsod3KHiuCxAjie9afmBs4Plp2WcoWrtxlNz3xR 3iA4sb3 GN5J7n02QFS7WmD_JmnR8LIb76SaYRFNbZo6b3a_5Bu037Y3h0gu1Jt5t5QLzVZhgch0EuWv2uUWz4ZQmd8wsA4DGTjRY6mo_7N mvYlyCggbLEUNp5E 1adjGcW4x66X56XIltBVX1XxwLG tdfSqhLWA0ySGyIeZo8ay8QdyZrvo5YQMaituNYE_1LHDjdOWn9
