internet explorer 11.0.9600.17126.exe

Hacehatafe

Ringier Axel Springer Polska Sp z o.o.

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application internet explorer 11.0.9600.17126.exe, “Hacehatafe Setup” by Ringier Axel Springer Polska Sp z o.o., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users expect to download Internet Explorer, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Gopemebaha   (signed by Ringier Axel Springer Polska Sp z o.o.)

Product:
Hacehatafe

Description:
Hacehatafe Setup

Version:
2.1.2.4

MD5:
872bc570200bf86af697b45e387a68ba

SHA-1:
c7ee0b009b77f05c301e2cc9aae77b0f0bd31afb

SHA-256:
a1e738890b502f1bf3442291cfcae2817fec6a218938415994acc4bfcfb2a8fa

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
8/12/2020 7:41:39 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.16.2

File size:
1.2 MB (1,215,896 bytes)

Product version:
3.5.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\internet explorer 11.0.9600.17126.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/30/2016 1:52:52 PM

Valid to:
5/21/2017 12:59:59 PM

Subject:
CN=Ringier Axel Springer Polska Sp z o.o., O=Ringier Axel Springer Polska Sp z o.o., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B967A60661EAF04C09AF81768FCD8FB6

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file internet explorer 11.0.9600.17126.exe has been seen distributed from the following URL.

http://www.bytesendclear.com/ZI3HlH01keNbCbWxJfIqADaLq3QBmKmRCgWqJ4ImQxtGdqf5CQ35YqRP60HvdLl8OjfK2cYmrkrlArJsrdb8kwj00krI_NT86roXo__d3fcL3D1rUYi_TAtoSnvFYH6p0S60oXq1_wNMfTOB0Hod0dRWOaQqP4HHJ4eAIrZ9a0089T7VSa3VWODEdZSaiW_YaKFawv rH_l3RyDxU4ecZo9LRQzXxY6svvhCzxnNbqM4U093Xw85ktjaWboA55XzD9ypM4LCS7M1lmnOwG97KfWZcXrRszO7gOsZ4xj4_C3iB1Fz_fLN7TCnkRJjfybjObCXhS8zJT8_d5AeWEyLFuBYebRh G5CqvGWLcnxuCgif geyYr0Rr30yIRnPrKpWyj7agU875BpfNBBJ aRpqeLlcO_Ve XKx3DqGr1Ma2aZx6pG2R1S__oKaur3mrTjWTQ_PkeFvbvOQB1QnnR07xSqLXDZ7qiSBx0Zy7Dt5NlyKXqtDJifBJOdcTFdWQ5m0SGr8UD5ysvIgki1xPn8LTW76LbHMvsyqp4YpSKqZ3Dm7kFNaGr0tqtTbe2pz5tJIl5QSy0xQ_31FWUehnLO_KaasDFZA==-G2sAAMTcVkxuXBFDMdgEi1V0yFBeWfp_xzhwuPXJB_Blx8Fx FwRI7uijUEkV3dM91gbj65xpn10N78HRioqXTnbL3M3ZGtOQVYDavCcIuBGmZ5A8go=
