set_hnrmfrgr.exe

All Team Incorporated

The executable set_hnrmfrgr.exe has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Credited Handy System Installer  (signed by All Team Incorporated)

Product:
Credited Handy System Installer

Version:
83.0.5.1178

MD5:
046ce2780a6f0f56e034e3f74ce679ff

SHA-1:
0968afa78fef9e3b8c8292b043bb84d94e2e3efa

SHA-256:
d6be2080aa883647f14ce479835df68bdb206022ea6688f2d8d548307cfca345

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:39:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.13.4

File size:
1.1 MB (1,112,328 bytes)

Product version:
83.0.5.1178

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\set_hnrmfrgr.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/19/2016 5:51:38 PM

Valid to:
5/19/2017 5:51:38 PM

Subject:
CN=All Team Incorporated, O=All Team Incorporated, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A3C7D36051C78896

File PE Metadata
Compilation timestamp:
6/27/2015 4:57:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1268

Entry point:
E8, A3, 11, 08, 00, E9, BF, 05, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, 8B, 41, 14, C7, 40, 04, FF, FF, FF, FF, 83, 41, 14, 08, 8B, 41, 14, 3B, 41, 18, 72, 05, E9, 41, C8, 00, 00, C3, 8B, 4C, 24, 04, DD, 44, 24, 08, 8B, 41, 14, DD, 18, 8B, 51, 14, DD, 02, D9, C0, DF, E9, DD, D8, 9F, F6, C4, 44, 7B, 0D, C7, 02, 00, 00, 00, 00, C7, 42, 04, 00, 00, F8, FF, 83, 41, 14, 08, 8B, 41, 14, 3B, 41, 18, 72, 05, E9, 04, C8, 00, 00, C3, CC, CC, CC, 57, 8B, 7C, 24, 08, B8, 2C, C6...
 
[+]

Code size:
524 KB (536,576 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 25.ip-167-114-153.net  (167.114.153.25:80)

TCP (HTTP):
Connects to digital-digest.com  (67.228.82.80:80)

TCP (HTTP):
Connects to ec2-52-70-152-90.compute-1.amazonaws.com  (52.70.152.90:80)

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP):
Connects to 155.ip-167-114-96.net  (167.114.96.155:80)

TCP (HTTP):
Connects to ba.84.a86c.ip4.static.sl-reverse.com  (108.168.132.186:80)

TCP (HTTP):
Connects to fm-dyn-111-94-254-25.fast.net.id  (111.94.254.25:80)

TCP (HTTP):
Connects to a95-101-129-91.deploy.akamaitechnologies.com  (95.101.129.91:80)

TCP (HTTP):
Connects to a92-123-194-161.deploy.akamaitechnologies.com  (92.123.194.161:80)

TCP (HTTP):
Connects to a23-200-86-152.deploy.static.akamaitechnologies.com  (23.200.86.152:80)

TCP (HTTP):
Connects to a184-51-126-18.deploy.static.akamaitechnologies.com  (184.51.126.18:80)

TCP (HTTP):
Connects to ip-153.net-80-236-32.suresnes.rev.numericable.fr  (80.236.32.153:80)

TCP (HTTP):
Connects to a95-101-72-59.deploy.akamaitechnologies.com  (95.101.72.59:80)

TCP (HTTP):
Connects to a84-53-132-249.deploy.akamaitechnologies.com  (84.53.132.249:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to 62-183-170-33.co.dnainternet.fi  (62.183.170.33:80)

TCP (HTTP):
Connects to svr02.digital-digest.com  (67.19.19.130:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.112.186:80)

TCP (HTTP):
Connects to ip-145.net-80-236-32.suresnes.rev.numericable.fr  (80.236.32.145:80)

Remove set_hnrmfrgr.exe - Powered by Reason Core Security