freesoundrecorder.exe

TechEvolve GMBH

The application freesoundrecorder.exe by TechEvolve GMBH has been detected as a potentially unwanted program by 7 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address 77.e3.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
TechEvolve GMBH  (signed and verified)

MD5:
70a603630e31878a14d805a82f67361c

SHA-1:
0984e1eaaa2af223290a51560c044426c274862e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
3/20/2026 11:58:47 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15428 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.InstallCore.280 | 9.0.1.0118 |
| Norman | InstallCore.CERT | 11.20150428 |
| Reason Heuristics | Threat.TechEvolveGMBH | 15.4.27.23 |
| Trend Micro House Call | Suspicious_GEN.F47V0315 | 7.2.118 |
| VIPRE Antivirus | InstallCore | 39258 |

File size:
2 MB (2,053,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\free sound recorder\freesoundrecorder.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/15/2012 7:00:00 PM

Valid to:
12/16/2015 6:59:59 PM

Subject:
CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50FF3D5C361AE9F52E4B0A3CF576C6EE

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wIm9lGTppT8kgWB9JA5JBjmZIdbXiFIRlDgbxkb3q4rAi0dZmx8hbFB/kCqIMkpj:wIm9mNWbBxdDadbxC64rYbVOC3

Entry address:
0x1A0388

Entry point:
55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 20, FD, 59, 00, E8, 07, 68, E6, FF, 33, C0, 55, 68, 64, 05, 5A, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, 5C, 90, 41, 00, E8, 59, 34, E6, FF, A3, 3C, BE, 5A, 00, 8D, 55, E4, A1, 1C, 87, 5A, 00, 8B, 00, E8, 31, CB, EC, FF, 8B, 45, E4, 8D, 55, E8, E8, 2E, 97, E6, FF, 8B, 45, E8, 8D, 55, EC, E8, F3, 3A, EF, FF, 8B, 55, EC, B8, 34, BE, 5A, 00, B9, 7C, 05, 5A, 00, E8, C9, 45, E6, FF, 8B, 0D, 34, BE, 5A, 00, B2, 01, A1, 30, E1, 46, 00...

Entropy:
6.5821

Developed / compiled with:
Microsoft Visual C++

Code size:
1.6 MB (1,701,376 bytes)

The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to 77.e3.adb8.ip4.static.sl-reverse.com  (184.173.227.119:80)
