passport_photo_maker.exe

Ginapaho

LAM Proactive And Investments Ltd

The application passport_photo_maker.exe, “Ginapaho Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.newclearchuckle.com.
Publisher:
Nema (signed by LAM Proactive And Investments Ltd)

Product:
Ginapaho

Description:
Ginapaho Setup

MD5:
59049a647c4213f3f0a47b63d3047073

SHA-1:
74cc411b89c56e8532183f2892c4cf32efc8e5e8

SHA-256:
e582253e45bcb243a3e0c99bb051302e65dfe541f0a484b7c90ec52a575dce05

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/23/2024 10:55:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.1

File size:
997.9 KB (1,021,824 bytes)

Product version:
4.7.4

Copyright:
Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\passport_photo_maker.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/10/2016 10:04:53 PM

Valid to:
5/11/2017 10:04:53 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169523491FA6C7A30991E1A2D83769865

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9140

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file passport_photo_maker.exe has been seen being distributed by the following URL.

http://www.newclearchuckle.com/g6D9yN3qkkk36L3SUslp_8jj3OzKLRIPb7Pp3tTsjkq_jtsS65hwQpWFsmscM7M8k8sVIxDEoPAxQS4uh7510IIf6e8zicCi6JX5G0redb1X6FkALUhvF_KosjvLhbZesJd qIotuVQ31Z7fSaf 4NIqaYKAccxZLwqBnPfBbXQ82HGyk_Ihi9oXrQIS4_60zldiAAfQ-G4YAAETn1poRQ2Km DHHHAF0IFCTA4dfD62ADjzgPLagbjj8sFKOkk0S05gnlVbhZEAi iRpEGA9k69Cbf3n6u o27mVLWVIawW0M7rRr1gcv6En8wA=
