horizon-setup.exe

Web Program

Daring Development Inc.

The application horizon-setup.exe, “Web Program Setup” by Daring Development, has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Installer (signed by Daring Development Inc.)

Product:
Web Program

Description:
Web Program Setup

MD5:
19aeba7719511605742f29adbdc9eb73

SHA-1:
ceaafb4f77857c79c88343a0135c524d83a8631d

SHA-256:
8f957a421ec56b77ec8bc57e48190331dda9a965e553291e29fd37d88830b0f3

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 9:57:55 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1578
Comodo Security | Application.Win32.InstallCore.KT | 22698
ESET NOD32 | Win32/InstallCore.WQ potentially unwanted (variant) | 9.11905
Fortinet FortiGate | Riskware/InstallCore | 7/8/2015
Reason Heuristics | PUP.InstallCore.Bundler (M) | 15.7.8.11
Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4

File size:
801.9 KB (821,104 bytes)

Product version:
1.3

Copyright:
Installer Software

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/19/2013 2:00:00 AM

Valid to:
10/20/2015 1:59:59 AM

Subject:
CN=Daring Development Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Daring Development Inc., L=Mamaroneck, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
459F52EE0DAEC49DD60050DD4433D2C7

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Ocu5zWVnnNS5dHT1YnV+8oEzI5WYBMmVw8NT2:OZVECdHTD5WlQ6

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file horizon-setup.exe has been seen being distributed by the following 5 URLs.
