text-me-free-texting-calls_setup.exe

Nogenumo

Strategic Media Enterprises, LLC

The application text-me-free-texting-calls_setup.exe, “Nogenumo Setup” by Strategic Media Enterprises, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.quickvaultscity.com.

Publisher:
Strategic Media Enterprises, LLC  (signed and verified)

Product:
Nogenumo

Description:
Nogenumo Setup

MD5:
8cadbc8d212d5075cc463f468ba36c87

SHA-1:
d1dafa0f6b0ad1f3ff5f0ad8c5657276159ad272

SHA-256:
cadce36f06122aef5663189af6ada799a42179104227d489ed5fb68b989430f1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 4:40:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.7

File size:
1.2 MB (1,253,008 bytes)

Product version:
2.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\text-me-free-texting-calls_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/23/2016 8:00:00 PM

Valid to:
4/22/2017 7:59:59 PM

Subject:
CN="Strategic Media Enterprises, LLC", O="Strategic Media Enterprises, LLC", STREET=3000 MICHELLE LN, L=OAKLEY, S=CA, PostalCode=94561, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
52133BABFD98A31A69782D28CB663FB5

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9849

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file text-me-free-texting-calls_setup.exe has been seen being distributed by the following URL.

http://www.quickvaultscity.com/EfczQboS4zySFhtIftpJnFuhW6KXs3j4VKQwEeuuksLghuFj0IdBZR1gyW1sDhxXDf5wRcuB47bG3f6pTvNrMaM3wxPOOV24OhdUrFWd0f914J1PGKJq6tPtotQ2KWl7aT9 ZLucF96NQ7TdN1wnAxZKcgxJWZPXAkQTB_56ovYWH9XGq 15C7hezlwQfc5twhqqgzUjo17C9QCFSQRlqslTyVWwnMHRBrJQnEOJpV6hCxtYRRE=-Gz4AAORtm8 KGt12Z3SUkKAElSLYgAOnEgmQlxPsMjRemKKsWV3R8y8AQWfbRjNHaCKdLw8lcwF6BA==
