instagram.exe

Goca

Nummorum

The application instagram.exe, “Goca Setup” by Nummorum, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.megagiftcity.com.
Publisher:
Nummorum (signed and verified)

Product:
Goca

Description:
Goca Setup

MD5:
53df670b1fe52897f881c7e26f86b580

SHA-1:
83fb1ea144648e7bb5ecef8fdf7af2a7867c7fee

SHA-256:
7ad1ee80b575cad60c409094555c24c0ddace1a9286cd3043ce8d6c66dabe79f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
1/13/2025 6:29:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.11.19

File size:
1.2 MB (1,247,808 bytes)

Product version:
3.2

Copyright:
Wizard Application

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\instagram.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/30/2016 2:14:51 PM

Valid to:
5/31/2017 2:14:51 PM

Subject:
CN=Nummorum, O=Nummorum, L=Leusden, C=NL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EBC3ACFB4E4B6AE7D7966A49416BF44D

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entropy:
7.9843

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file instagram.exe has been seen being distributed from the following URL:

http://www.megagiftcity.com/Kh8DbmCHGj5G6NvzVkcmRx2oyNT _NaDUIJrS8qfeshSJwEZu2it7HDnpaCmoi P9x6yZq9gPs2i2oAu6TYjrqp81SiV5z lJDwnopMB Dmb3GJFuRO34Yoa7B32P6dcrDez7hfjxl hMADoavD77Z_iw7Kda8vfSIoeiTpq2USqbx IJ98f8Lrk9BvBKRtG55KPjHlk7lMAiR5KSR6hmmGsO1ZY1w==-Gy8AAERPPS ct0hPNDPZYCIH7LVEDorvqfNA3Xi12ZDSgP_5gTk50iUMG9yl4gM=
