FreemoreAudioVideoSuite.exe

Norukapag

Huaxinwantong Beijing Technology Ltd

The application FreemoreAudioVideoSuite.exe, “Norukapag Setup” by Huaxinwantong Beijing Technology, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.vaulttourquick.com.
Publisher:
Huaxinwantong Beijing Technology Ltd  (signed and verified)

Product:
Norukapag

Description:
Norukapag Setup

MD5:
b1d3043238e66d74188980a0cf762860

SHA-1:
5cff74977f4801e90d17032964aa2e6e0e3f9dfa

SHA-256:
a4e8751fd9353cba0d88a8446a61b4bdbfca6ca48cdb11db1d68d80e4e658c31

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 7:22:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.2.25.22

File size:
1.1 MB (1,140,408 bytes)

Product version:
3.0

Copyright:
Application Web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\freemoreaudiovideosuite.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/23/2016 9:00:00 PM

Valid to:
3/24/2017 8:59:59 PM

Subject:
CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C31292C6449E082B3FBF99E310243E2E

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file FreemoreAudioVideoSuite.exe has been seen being distributed from a URL on the host www.vaulttourquick.com.
