hw64_544.exe

HWiNFO64

Martin Malik - REALiX

The application hw64_544.exe, “HWiNFO64 Setup” by Martin Malik - REALiX, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.
Publisher:
Martin Malík - REALiX   (signed by Martin Malik - REALiX)

Product:
HWiNFO64

Description:
HWiNFO64 Setup

MD5:
8745217a0e51d5eedc32f74246b236b8

SHA-1:
8c2180f849981c3fdc2f737831ddefc80e199c62

SHA-256:
afdec8d943ee108e27ff92f3a1984cc22cb5a6b9d7697df7b7c5b022f1f1fd34

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 9:56:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.IM (L)

Engine version:
17.2.1.11

File size:
3.6 MB (3,782,064 bytes)

Product version:
5.44

Copyright:
Copyright ©1999-2017 Martin Malík - REALiX

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hw64_544.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/26/2015 9:00:00 PM

Valid to:
7/31/2018 9:00:00 AM

Subject:
CN=Martin Malik - REALiX, O=Martin Malik - REALiX, L=Malacky, C=SK, PostalCode=90101, STREET=Bozeny Nemcovej 2291/28, SERIALNUMBER=101-15930, OID.1.3.6.1.4.1.311.60.2.1.3=SK, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A0E779F8D20CBF50A9A2B082CF75E32

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hw64_544.exe has been seen being distributed by the following 3 URLs.

https://download.fosshub.com/Protected/expiretime=1486377800;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9IV2lORk8uaHRtbA==/2cce220bc1bbfa3ca26ab9178b5ff5ad4a1079ceee9722e7ff0a5ef392595f40/.../hw64_544.exe

https://download.fosshub.com/Protected/expiretime=1486148038;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9IV2lORk8uaHRtbA==/c4c4e26af5a46b80e223ce87c53f3a0d21a7b953e1d1a3206a5d443b3b52af88/.../hw64_544.exe

https://www.hwinfo.com/.../hw64_544.exe
