lightworks setup.exe

Fubager

Install Safer (Install Manager Limited)

The application lightworks setup.exe, “Fubager Setup” by Install Safer (Install Manager Limited), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftdeliverybinaries.com.
Publisher:

Product:
Fubager

Description:
Fubager Setup

Version:
5.2.5.2

MD5:
46f8dc3473d73c99bb6951e6306cef31

SHA-1:
372859602088e5f9ee6ed22778e95d2d25065a1f

SHA-256:
723d097682f9e7687d356fdcddfc19a01f2ce85c9908a0154808550f6a95427a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 5:36:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Installer (M)

Engine version:
17.3.16.10

File size:
947 KB (969,760 bytes)

Product version:
5.5

Copyright:
Program installer

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\lightworks setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/17/2016 6:00:00 PM

Valid to:
5/18/2017 5:59:59 PM

Subject:
CN=Install Safer (Install Manager Limited), O=Install Safer (Install Manager Limited), STREET="Level 27, 188 Quay Street", STREET=Pwc Tower, L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3DFEAF63B1841C27FF7F4E168B93D45D

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9348

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file lightworks setup.exe has been seen being distributed by the following URL.

http://www.giftdeliverybinaries.com/GX1VvDt1Xy1gg YCBdmG7sCi8PkuUhs0XsaVgieNUy9m9olAZ272hZHf6nz bgzht376V37LKr38SGuplRw mo pF0I4fSzdfNUvXF1IAIhyLJBy4ikYoI5JClyztYRngpjnKZBuU3ez ezd0Q LBxw2MQ8cAKXiYioWJMC 2dof3LiZXr5tuwfXnjHs6aIDDpOLyta73MafpYxcnoKIqtY4zTycjxs26JqHIFgYk0_2wJNRvHnxYSohtz UMfXwmPXWgU_NRoeSXcyoxMBAjPvB9bUo8 nddZE9sOoATpNfmwnEb3c8BHp7CkoeCatC1g0S XAIL_mK9XpE n2Zm0Uy1E5fne_dsJN1GowmMmRWU9lTXspJX7hhNMSne2c0N8SG_FWTrvZ9CmpGBjuIDaTfIZmrvQfzHQMMNHrb2gnYknNdD3vGdJOaXSdthfuocjRc0Vrh gcJfeOue3kh8TXsHWfGCxQcPu791h75o2LI7kJvGkUL5_CAJGLCUM1QJj1Kxn71mhOeKzfp0P654pSb6e1AcfNKmq 0pnqH0iBvqKXWCfJax_7uMmtQ_KCLB_cBQ3oBf1 qw7vnVOvmFIGzXlnj668XYaZIcoA1frmyzfQH7C11m2OeCwXbvEQkHCSNCFbws3r5HiOiGxr6_IrieYVBODnUiTevQ16vrF2fABs2gx1SuBhVu1desjJR0QvzqiQ5KyCyCqfFnLTkdEogFBZYWQ==-G0kAAES3 X3y93V43SEKBakLEnSDA_YCC6xEs4gmHzbGRucWTimn6iGB9o_3_SBws3FM 7IilkFDkrQTs0FTnQ4x2oaL5gA=
