hdsetup.exe

The application hdsetup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.safepcrepair.com, a web site host known to distribute potentially unwanted software operated by Mindspark Interactive Network.

MD5:
e5b985ec2729a1dbda37fd4e5b89b17c

SHA-1:
8ed6aff5232bc25dd5c62bccf7653f376702e54a

SHA-256:
f88148f92f747063f04cd001bdc5955afe402f76f8a1baf2fd7696149037d465

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 7:23:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (L)

Engine version:
16.7.16.12

File size:
165 KB (168,971 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\hdsetup.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:3LUOI6LqEdoMSMqTCLa/kgdoHMrloqdK3McF5X:3LUEqEdoMSMqTDjKsrlo

Entropy:
5.2650

The file hdsetup.exe has been seen being distributed by the following URL.
