home_plan_pro.exe

Gaf

LAM Proactive And Investments Ltd

The application home_plan_pro.exe, “Gaf Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bodyheartmega.com.

Publisher:
LAM Proactive And Investments Ltd  (signed and verified)

Product:
Gaf

Description:
Gaf Setup

Version:
1.5.5.0

MD5:
bc5ddfb893730b68cf4de56bb94a3638

SHA-1:
eacf59de32907a4df57c560d9c855344858b7b81

SHA-256:
3b542c883f00bf172dacdc6c718b44d4f103c8e514f5e2b41a3d824a2267bd2b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 2:35:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.23

File size:
1.1 MB (1,169,872 bytes)

Product version:
3.2

Copyright:
Program

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\home_plan_pro.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/17/2016 2:17:01 PM

Valid to:
8/18/2017 2:17:01 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
73CF7C9535C901AED579B1BA

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9725

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file home_plan_pro.exe has been seen distributed from the following URL.

http://www.bodyheartmega.com/I8AY7B3CGfBMVyCtSNroKxQgXZf0aH9D_J9PseNBy7dfY LsBFDm0rT1lTLrgBYNehe0cfPHXaBuJOowbh1SZX60sgZfAOG5XBB6UZbtH8dZlOJF v3rc3_Sg9u2C 97LGRjmdD5SfA0TPa70kPgr2Mv1BXyarAyf3MmD0 DtN2WTILuFex0uGct972NRs1wv88VfLwNNxSU3IYNiE6isJx9vwy9wr1gv2IWgukNkj2Khv2OPLzvWqBT8TI8g5UGSnC3wLTYy68obYUhrXaGH3FjAaRFjmmbhE8nKP7i0BaYntVkF3uTCoch2 CAWrLV_q sWXc97Dwd_I4npS5ISoeC42stNqjYojysB2gdIWAlb9k7VH8OzB HASIy1Su7QnJNs_I6xrgq4eUt6VKOdP6uhne9 13VbutuPgcK2MZHTI3eGS_ 0jxW2qdjAkyKe6mOj_45ly_1vKRmHXFW0_KqkvK5U36T49SUbLyAHaziM UH vy2lW0o2j 9WPvFdabNohjcaVLy s9GDJ_a9ZBM0sofgw==-G44AAGRpXUu7KD1cOgCdnMAB8ZW0gE7e0lQDDOqGq7JSvJLtBn6NyXtkyVC08npOXD 48vginxOeUFhIUygcWO3IuEUfksT_t5fv T9tH85PjYyUgf49VFLl mo xnxo2GF7
