freemake.exe

Tasepa

Orbita LLC

The application freemake.exe, “Tasepa Setup” by Orbita, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from mega.nz and multiple other hosts.

Publisher:
Orbita LLC  (signed and verified)

Product:
Tasepa

Description:
Tasepa Setup

MD5:
391c8f0a97578be25a2ec23d58534b55

SHA-1:
551658e919eaee91c663fec95e3e7019c6d15b19

SHA-256:
83e20a190dcb6688f84c8fc4c0620958c418c6c9888720d5c39802bbb890664f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 5:00:12 PM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.Gen
8.3.3.4

Bkav FE
W32.HfsAdware
1.3.0.8042

ESET NOD32
Win32/InstallCore.ZR potentially unwanted (variant)
10.13584

IKARUS anti.virus
PUA.InstallCore
t3scan.2.0.9.0

Reason Heuristics
PUP.InstallCore.ENG (M)
16.6.2.11

SUPERAntiSpyware
9106

File size:
1019.2 KB (1,043,648 bytes)

Product version:
5.1.7

Copyright:
Application

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\freemake.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/24/2014 5:37:39 PM

Valid to:
12/13/2016 8:32:44 PM

Subject:
E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod Oblast, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA83881898F63A64C1A31C3A8CC5C2F5

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mlvUTfXobwGbdywAp+uulq0kOAYCPehEp0P8jWrNwRVXHSm:m5efXoNbdcAAvOAvLJWGym

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
Entropy:
7.9172

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freemake.exe has been seen being distributed by the following 3 URLs.

https://mega.nz/temporary/.../s9J1nYgS
