setup_imgburn_2.5.8.0_dlm.exe

Heregofo

Digital Digest Pty Ltd

The application setup_imgburn_2.5.8.0_dlm.exe, “Heregofo Setup” by Digital Digest Pty, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.sharemegatowers.com and multiple other hosts.
Publisher:
Socidoca (signed by Digital Digest Pty Ltd)

Product:
Heregofo

Description:
Heregofo Setup

Version:
1.7.5.5

MD5:
58d89a0a552a9965696f7f1f73830d50

SHA-1:
2efd2e95a7994b13c5af4543bfed547a7490747f

SHA-256:
db63da1d5506d67c8bd4be40deb794a59284d52905dac63f9bffb9afb025d808

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:36:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.2.16.2

File size:
1.2 MB (1,273,960 bytes)

Product version:
2.8

Copyright:
Program Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/1/2016 9:29:52 AM

Valid to:
2/11/2018 10:08:02 AM

Subject:
CN=Digital Digest Pty Ltd, O=Digital Digest Pty Ltd, L=Templestowe, C=AU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
28FDEF667CD17A44281EC77D

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9849

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file setup_imgburn_2.5.8.0_dlm.exe has been seen being distributed by the following 6 URLs.

