setupimgburn_2_5_8_0.exe

Gofut

InstallSpeedy (New Media Holdings Ltd.)

The application setupimgburn_2_5_8_0.exe, “Gofut Setup” by InstallSpeedy (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.capitalcenterdl.com and multiple other hosts.
Publisher:
Dekokimop (signed by InstallSpeedy (New Media Holdings Ltd.))

Product:
Gofut

Description:
Gofut Setup

Version:
5.8.3.6

MD5:
9483c74562bd859334efdb8deb2c8a6c

SHA-1:
5a3c56c5d97461dee5b570ff830096dd6c821712

SHA-256:
5eb3aaf4b0b4b6522da89f12376059be60d0f2cec3b0ee0e6a88b88d365795d1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/14/2025 2:53:37 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.8.9.12

File size:
953.8 KB (976,688 bytes)

Product version:
3.4.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\setupimgburn_2_5_8_0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 6:40:35 PM

Valid to:
7/11/2017 5:28:33 PM

Subject:
CN=InstallSpeedy (New Media Holdings Ltd.), O=InstallSpeedy (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F59EA8A6B04CAE5E738F6CB09D295BDB

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Ze2KrginP7D/kfTI/lq9AMju/FF/PuiYolvcAb+H:ZvwginPIIN79/FF//leA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file setupimgburn_2_5_8_0.exe has been seen being distributed by the following 9 URLs.

