» mp3cutterjoinerfree.exe
Overview
Analysis
File Details
Downloads (11)

mp3cutterjoinerfree.exe

Nopumalifo

Huaxinwantong Beijing Technology Ltd

The application mp3cutterjoinerfree.exe, “Nopumalifo Setup ” by Huaxinwantong Beijing Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.factorycapitalstock.com and multiple other hosts.

File name:

Publisher:

Purek (signed by Huaxinwantong Beijing Technology Ltd)

Product:

Nopumalifo

Description:

Nopumalifo Setup

Version:

1.4.2.6

MD5:

384f3b693968635d9d33371e8490bd7d

SHA-1:

bf08eb472abebf08ab59a705464f983e29aaf5f7

SHA-256:

0fe5edf591cbc2e469f9f6a76c653747a4bd6adeb2147ce654c14f51ee0842f7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

1/13/2025 4:00:04 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.Huaxinwa.Installer.Meta (M)

16.6.30.13

File size:

906.5 KB (928,248 bytes)

Product version:

2.0.9

Fast Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mp3cutterjoinerfree.exe

Digital Signature

Signed by:

Huaxinwantong Beijing Technology Ltd

Authority:

COMODO CA Limited

Valid from:

3/24/2016 5:30:00 AM

Valid to:

3/25/2017 5:29:59 AM

Subject:

CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C31292C6449E082B3FBF99E310243E2E

File PE Metadata

Compilation timestamp:

6/20/1992 3:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:3ti0NiGXIAR5v3nWi+dZKEUQq3p9UdRC+8Y4:3EcbXV/t+dZKEVq5b+81

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9345

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file mp3cutterjoinerfree.exe has been seen being distributed by the following 11 URLs.

http://www.factorycapitalstock.com/dzpwt4j_h O5 FAp0ff04sSoXz4yteoVL2RcYfsDvuI6pi02gzsLyPRF zUhlTAvgXGz1j6kM77n5vjKdJMXuy5ptnvWVIQK3StjdbrwMznfSrjD u1KMGQ0gBOBCkxkTTEwP9oBhkjSjRO0pI7T4xxZcN8U1Sbw g7bEtDtvZQcV37au gHu1sKh3JukV9b9ZdYCoizGIH9PNOvIpLIScmw1pTKfg==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.factorycapitalstock.com/_SW2wEb_5Kop0GcOH1gyUUO0m6F9YVpg_DV2DixYiA0XPDJe13lJYsbGcoBO6obD7fadju2zZu4lNj08f33vWSD4tjdBoEZ8UFs6Mcx2FEqpWuCHHPRDp29RQWVmtLOZGj_597RP26gcA_S OqIsbqTWM5chTI JM7t1QMsTOrqSyeFgAYgOsvtyKGvEoapC4yhNjltSPsvGNUeP61opspPumbiJ0PvLPzrmlGUHqv33Tnjx25f7KKF5XeRnYKVlbpF17GBvYyO6cbf6fjECn6vYwZWwYKXKk0gexPxyF6gTIivsKllIVRwAy9qsJbjGDiIEI_TNUkLHv vF5fUa_nGYKUt8koANjfvtkgw OY1jFKWlOVIHjHHhbJ857_78wAiwfbHtMNxT0xnJBkpflfk8UgUfl7ePyFsoXC0gcAWjvWhW1ufbgytRGzO5hrxu8J1YtUkX-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==-e

http://www.taggiftflash.com/94MFNZXEFPkx4e6NhVNcHlVi5ioSp1UR7VYZXZu1NqoarccVZHFlncA0hobtOm3F2 BywLnzf 98jadP3afxAx7j9O Ff5nCWCRK7HPuFBUlcapssJ_0LtJTvcn33rOmK3nzUUYhCTyC nEr6JTv5pb51GCMsSEQe9_LTW4n1lWFWJ1P4Uq2_RhY90WTL hsaQaTn cA3FGY3L WrH4ECiNWVSg_sQ==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.taggiftflash.com/xHJFLxxD9RkgvEA qSEavZywsxe0BhpKY_c1Y9VwBQRuzQOueal8DqjSQn3Sj8tttVZ4HiCROdvrfhbq3t9ciEoezg8iefuyR2ja68tAqi8y83dylJuuA0lPOUWYEIOdLe8yuT1pXfsq3rQ_Msloq2pUWJN0CM6VmiXfKoiJwquvx0TptZRV0SS2_8fhYYs7ZdeZT5LLQP4oQWPIn59NKr73A0LwrQ==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.funtourbundle.com/GJplhclwpEfpxAH1FVFlRlguHx Nh5UjZL079ywhREUtks_gTu UmgsLmubjJQQPOsiFGnMJCxEmRd6OwdwJCH6qhNnYGx2KWetmG4hy9Tm4Oh7FRI7F_UMsPi1ZACoGxgE1wKwYboGrT2n7D09I uGdeg1wZtymnx5bvEG23892B9YqMMlguz2 smq9yZOXKasQg90xx2OWHAvkB84I76wcr5o_Bw==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.taggiftflash.com/0PWiEnJARQQaa7Q8_3eD1mows6hCzfstj8tmX69lhgA4uOw1WOGzJobF6uEWeIoXCILw0p7JlrYF6oae5sjHGW1ZHxfBESxNFFKek1uN0DVSCBmWv8N4TPVoQoJd70fn8Ip acY25YvRsGyrFGstN9J1ikaP3aNPh4xW3iflyNovRx4J5w2U2JnvWwkTytPoSscDfRmd_xseAQI6IVTqk2jF_MFV8A==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.taggiftflash.com/mw2YWQaeYDduIBbfXhx4l s139yFuH4wmohcYlHyJGTIUHGLQDcgGfEgnPJ38tK1qYZJzyRDwakkPySaf6RYyj7IEzJYD7S1xth7x Xno9aXXS6gj16RmL1dhsSifNtJGLeoxGiDKrBDnUrvMeZVzY9kNAI4w71LNY8E5SPe98EGCj8qJ3ncAW72gcnpxjoPDplqdylxzzqmp6pUuohsADzVPcN0Hg==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.applicationmegavault.com/br0kohjvaro7yFPGVdQ3YYWrdhR3_PMMaaUbEkGXAY8GD95JrjDa WYGLhYZNTftPFL9cHisK7LzB E0AK6fdTH352vIzbE63Ox53bmHknl08QxXkTMshYNlNmnrrfRy2 DFSVnfCn xumAQomViOliDaK5sMz8MXK796GCSQAyKAAHz padvF_vG4uvetsysNwqLeZpYYhhUrlwKkyhGBBgOwr1Zrh4v3XgmxHbjHIpE dGVuGUlg5efEeivyfsq0nORzDEkiaIxL8_VhY0QdrFxMKok1cCz SHdpi0c1Vxhb2Yn0uEy1kqpUcLMkO2Nw1veevj3j8Zhx9oKi3qunP mOv91TBzFRCDsD1I9 T0UCj6HnkU1WDVHGFA1p63rpwk_tBQB8alGiYw0W7Q2I8afMHthirPwZwDok3A2B9nddYWdOz6qTWDPTX nEwnWT2hlBqt-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==-e

http://www.factorycapitalstock.com/n3d1B5qM6wcCVUuePe5g15Y38fTuB1CKUFctPMRQOa4OiPDyLsu66g_t2DJyerrAuy2wwYoNhbfxJmPWWAGflBEvW7jdv0IggSt4n5l7QbSrinnXFPSFZ MO0b chV57hoDTkc DN0IUsOLvnNkiPeqj8nnSNGix xpdehLaUia rNZ4sltfyTrF8ygMamVD2AEwjCq nt4Iwk2oq 9JhVsFzDreIw==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.funtourbundle.com/KtfTMR08W7P2jBrNaNr1ZY7tDV8_LOZfii9zn7opr3u9fTGir3d8g7xSmJmzPbKhKJpKTqiZuzRzRIPgj4fYAlEW TyuUxWqq5I68iLmXwgAVFjfMKk8wuqqsaYJQB1foDR4c1h3rXxq6XVRQ8rpKdayuo_4BZoLh1kiVDGg40IYHHRtW9cAtMrb7ovUqR3mOj161PyUpbGI5IZlOlMj2QGaoPxM2A==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

http://www.funtourbundle.com/dQyfsF8e4gEIEUk1dmcxbLeIWhqk0z_oCN4KS6jWLJ wDU0CAZ2cUjJLGEcVuNWvauR1CBtDSG5cmx2GajUTKOQE_xLnih3RbTPwKVrga6Vo_129HzlEsMZgRDo2tmE6zsEB5jCg9WFfd5o0JzurCvzUSyKrakEqq31raU7rYoHKRCYco7l5Nl6zT5GnL5XNfjxT2GBw3_KwmwZv9XWGEjhMWjtFtA==-G1sAAMTvJj9uNdwwRhQR2RvOG45 rouccvNAra2AAmu7HOyO9xg7C8KgN b4Nutewp1Iv_MQPzNojECxkYGrWF8qBRbyFxXoqTl8AA==

Remove mp3cutterjoinerfree.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.