Reason Labs

google chrome 57.0.2987.98.exe

Hacehatafe

Ringier Axel Springer Polska Sp z o.o.

The application google chrome 57.0.2987.98.exe, “Hacehatafe Setup” by Ringier Axel Springer Polska Sp z o.o., has been detected as PUP.InstallCore.I. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as Google's Chrome web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Gopemebaha   (signed by Ringier Axel Springer Polska Sp z o.o.)

Product:
Hacehatafe

Description:
Hacehatafe Setup

Version:
2.1.2.4

MD5:
7596d3b4aa4d6efcb1058921c1956cf7

SHA-1:
9fc2364a333a86cc357a699c541eb1b30fc70608

Detection:
PUP.InstallCore.I

Risk:
Medium

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include browser extensions and various toolbars or other offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
10/19/2018 3:15:16 AM UTC

File size:
1.2 MB (1,215,896 bytes)

Product version:
3.5.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\documents and settings\nie wchodzic na to k\moje dokumenty\pobrane\google chrome 57.0.2987.98.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/30/2016 1:52:52 PM

Valid to:
5/21/2017 12:59:59 PM

Subject:
CN=Ringier Axel Springer Polska Sp z o.o., O=Ringier Axel Springer Polska Sp z o.o., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B967A60661EAF04C09AF81768FCD8FB6

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Characteristics:
0x33167

Code size:
39.5 KB (40,448 bytes)

google chrome 57.0.2987.98.exe is installed together with the following files.

Clean
minecraftinstaller.msi  (eb9ab8cffb6aad1c1263bf224fc5bb700d16515f)

PUP.InstallCore.I
farming simulator 17.exe  (506b83d18146e764510e65fb062281e667f3ca1e)

PUP.InstallCore.I
war thunder.exe  (2481e876f92170baf89d0d46bc6ef3d184be42e8)

PUP.InstallCore.I
microsoft word 2016.exe  (ab80ec9f60e6415e49d3bf80363aa6a9a826f888)

PUP.InstallCore.I
fifa 17 trailer.exe  (0b61fa23570ffb90fb877d40e888b45281cdf149)

PUP.InstallCore.I
cat goes fishing.exe  (e3981d118dd25fcee20c31ff507d896765c84404)

PUP.InstallCore.I
hisuite by huawei 4.0.7.300.exe  (292f2c758de28f359212d422de1c4d13013e1142)

PUP.InstallCore.I
nero free 9.4.12.3d.exe  (3c07770817102bfa0e47c3c008eb9ee921c3ba91)

PUP.InstallCore.I
minecraft 1.11.2.exe  (e9449f3af01c489cec64aac6a57be8be7e79abb7)

PUP.InstallCore.I
minecraft 1.8.exe  (feb67aa2bac6a344ef124338e10ecca159e8b654)

PUP.InstallCore.I
minecraft 1.11.exe  (2aa5b466948172f0bec5b4ee9537cf3202462f40)

PUP.InstallCore.I
facebook messenger for windows 2.1.4814.0.exe  (fc50a2c83bf7fb0690b4dc6dd800fdd62142257a)

PUP.InstallCore.I
directx 12.exe  (1a607e528686697ba179351bd00fd1b191056887)

PUP.InstallCore.I
adblock plus 1.5 - internet explorer.exe  (52bb45ad26ef0fa82d9bb157c9540e524d81465f)

PUP.InstallCore.I
cda player.exe  (bbc9d1a5555bca8339c165baa4ebb8d16fb67aaf)

PUP.InstallCore.I
shiginima launcher 3.100 (keinett).exe  (b603630c1564514f36a95a46dc01eb3b8b02aba3)

PUP.InstallCore.I
counter-strike global offensive.exe  (ba6f57828e29755d8b50a38f3e8f9f7271aa57da)
