8gun8b60.exe

CotesEtBourses

SDS Soft

The file 8gun8b60.exe, “CotesEtBourses Setup” by SDS Soft, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.cotesetbourses.com.
Publisher:
S. De Schryver   (signed by SDS Soft)

Product:
CotesEtBourses

Description:
CotesEtBourses Setup

Version:
1.6.2.1

MD5:
ee4da8e9e4ad2d7bd987384270a7552f

SHA-1:
5802af617764990b4c1c6b32df5f8779c86e397f

SHA-256:
417de2720bfec918870254a0dd8c45fff0044f23dd82d5b4b93f15cd69d5d0e3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 9:21:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.10.18

File size:
1.3 MB (1,318,072 bytes)

Product version:
1.6.2.1

Copyright:
Copyright © 2012-2016 S. De Schryver

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\8gun8b60.exe.part

Digital Signature
Signed by:

Authority:
SDS Soft

Valid from:
11/17/2016 11:41:39 PM

Valid to:
11/17/2017 11:41:39 PM

Subject:
E=info@sdssoft.net, CN=www.cotesetbourses.com, OU=Développement, O=SDS Soft, L=Namur, S=Namur, C=BE

Issuer:
E=info@sdssoft.net, CN=cotesetbourses.com, OU=Développement, O=SDS Soft, L=Namur, S=Namur, C=BE

Serial number:
0BF880

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file 8gun8b60.exe has been seen being distributed by the following URL.

http://www.cotesetbourses.com/.../Setup CotesEtBourses.exe
