5nmd4.exe

Install

Pepcy

The application 5nmd4.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.panningmanybanded.site.
Publisher:
Pepcy

Product:
Install

Description:
tiny install

Version:
240.71.214.212

MD5:
afda8b863526155bd310365e0a6327b1

SHA-1:
9e48da78ff143472a36b61b4ea0e3e2ae45d5e7a

SHA-256:
8d9c43a425ff5d4a28de1bfe8c546d44e55e77d00e9ce5d1db8ed01cd1db3a00

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/12/2025 12:40:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.Pepcy.Installer.Meta (M)

Engine version:
16.7.12.2

File size:
1.2 MB (1,249,280 bytes)

Product version:
240.71.214.212

Copyright:
LC 2015

Trademarks:
Mark Cap

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\5nmd4.exe

File PE Metadata
Compilation timestamp:
5/10/2016 12:46:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/RH8YW0bh5flefGSUdYXc6KMPAF9oaar/DdHDt6Y/J+4JdRH5lv66p:JH8YW0L0u/ucqi97a/dh//JbdRZlyQ

Entry address:
0xA874

Entry point:
E8, 6C, 34, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, B0, 58, 42, 00, FF, 15, 80, E0, 41, 00, 85, C0, 75, 18, 56, E8, 8B, 27, 00, 00, 8B, F0, FF, 15, 14, E0, 41, 00, 50, E8, 3B, 27, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08...
 

Code size:
114 KB (116,736 bytes)

The file 5nmd4.exe has been seen being distributed by the following URL.
