hw32_544.exe

HWiNFO32

Martin Malik - REALiX

The application hw32_544.exe, “HWiNFO32 Setup” by Martin Malik - REALiX, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.

Publisher:
Martin Malík - REALiX   (signed by Martin Malik - REALiX)

Product:
HWiNFO32

Description:
HWiNFO32 Setup

MD5:
f40ce890bd8796def3e7c4812a8adfaf

SHA-1:
af330c05c6f6a0fb82717cab0db9db3888fee38a

SHA-256:
89d821d086e3976d990438d1cdbdf720280ac86d26fd1d5afac245523649fab8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 1:58:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.IM (L)

Engine version:
17.2.1.9

File size:
3.5 MB (3,644,440 bytes)

Product version:
5.44

Copyright:
Copyright ©1999-2017 Martin Malík - REALiX

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hw32_544.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/27/2015 7:00:00 AM

Valid to:
7/31/2018 7:00:00 PM

Subject:
CN=Martin Malik - REALiX, O=Martin Malik - REALiX, L=Malacky, C=SK, PostalCode=90101, STREET=Bozeny Nemcovej 2291/28, SERIALNUMBER=101-15930, OID.1.3.6.1.4.1.311.60.2.1.3=SK, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A0E779F8D20CBF50A9A2B082CF75E32

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...

Entropy:
7.9946

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hw32_544.exe has been seen being distributed by the following 3 URLs.

https://download.fosshub.com/Protected/expiretime=1486932785;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9IV2lORk8uaHRtbA==/adbb181ef5cb94769fcda91fdc2222530f5803f52427f8ebc237e3464ad68c40/.../hw32_544.exe

https://download.fosshub.com/Protected/expiretime=1486510513;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9IV2lORk8uaHRtbA==/f420c4c11e3800ae54fb82d5bf44ec0427f0880c33ad068eb803bf3df7975745/.../hw32_544.exe

https://download.fosshub.com/Protected/expiretime=1486148038;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9IV2lORk8uaHRtbA==/fabe1ac091417857763b2c6f25f9075ca246c57b09be4b9b2fbaa2eb7ff5f37c/.../hw32_544.exe
