reneevideoeditor_installer.exe

Dumumi

Rene.E Laboratory Co., Ltd.

The application reneevideoeditor_installer.exe, “Dumumi Setup” by Rene.E Laboratory Co., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.presentsafegrab.com.
Publisher:
Danobo (signed by Rene.E Laboratory Co., Ltd.)

Product:
Dumumi

Description:
Dumumi Setup

MD5:
6d7517416da211eaac34a69cec388341

SHA-1:
0953cbc511a3d1e54b645d436e7a054f58133843

SHA-256:
f164db93606f559f97986fce2307b997a553398f0ded6b8c4af3c55943640046

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 1:54:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.2.22.0

File size:
1.1 MB (1,192,656 bytes)

Product version:
4.3

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\reneevideoeditor_installer.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/14/2015 2:00:00 AM

Valid to:
4/14/2018 1:59:59 AM

Subject:
CN="Rene.E Laboratory Co., Ltd.", O="Rene.E Laboratory Co., Ltd.", L=Jiangmen, S=Guangdong, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2B3F1F65059780AF531FF901575F415F

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file reneevideoeditor_installer.exe has been seen being distributed by the following URL.

http://www.presentsafegrab.com/ y rTtuOkm3HtdB2fcOjOTIvogLU9xJ41C12EJOrOX6PlAibAItO uYj os6B8Y_0na3uUnr6q7fsexjtWEj0MjF68PIuSjl7TRh9MoMxiaKyYQNOhKpznxra2rw3ppGP1_UBdhksL0j0knmjSNl8Y2_EX9h2kIhVuKez1Cd56JXLEvETr4Ko5xUUSafjAmtOjPlC1PVNJnTjl4nyO91QtWeUGhmPPrWz3SLbORg7g3FX4OGZ6oEUPcbyz_pSqj3InmvKjn11tOjZKIvRDhZ70wnJqN2pafU9or8FP244oO6MHyI8o Ox8WY3w99Tf5ozWNiBGZr9fHF59TtDrIoV5PVMCta0K_yd3tfkvJa6x V74PvAeEr5LOy6BQtGPXFyAXW2LMbT3H8cm mgNL8qaqtIUJgK9CemJJzm9hbChaRzVLNauutsXB3TuQjhImGBxRdWBDFJ 9Qe3qY0RishBrUaKXJ5Z 6JU6KK1S4nLv77Ntxsg1g8ohKLR8QTIzDzPBPPVZcp1hnZgvB0h2zekagtTVhLs069bL5ZRbJPuLXLX957lJ429_8MTgMG0DtPT_GHlMr-GzgAAATEbbG9NJvJYJXLFw7i4T4IG3DgVBCoDnY32AbixorGk TC0V3V4JxuRDOvyNW1eCV8AA==-e
