mp3-audio-recorder.exe

Pistonsoft MP3 Audio Recorder

Korzh.com

The application mp3-audio-recorder.exe, “Pistonsoft MP3 Audio Recorder Setup ” by Korzh.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.pistonsoft.com.
Publisher:
Piston Software   (signed by Korzh.com)

Product:
Pistonsoft MP3 Audio Recorder

Description:
Pistonsoft MP3 Audio Recorder Setup

Version:
2.0.0.0

MD5:
cadd2b3fa4765f5573e1f4552477224d

SHA-1:
ad2280f121582f58f37fcd21e1a683e194afc4ac

SHA-256:
42b76aa53527b8f2106046789e7742e6e3c5a8b03d8d9035ca3153e99fc3fd48

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 6:20:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.CSH (L)
16.12.26.15

File size:
4.1 MB (4,303,680 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2013 Piston Software;

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3-audio-recorder.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
10/30/2009 1:00:00 AM

Valid to:
10/31/2014 12:59:59 AM

Subject:
CN=Korzh.com, O=Korzh.com, STREET="Lisoviy ave. 35, 196", L=Kyiv, S=Kyiv, PostalCode=02166, C=UA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
6DF1F1B8FAA553D8A09BEDF8209864E9

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9984

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mp3-audio-recorder.exe has been seen being distributed by the following URL.

http://www.pistonsoft.com/.../mp3-audio-recorder.exe

Remove mp3-audio-recorder.exe - Powered by Reason Core Security