identity_theft_protection_wells_fargo_sign_in_downloader.exe

PileFile Downloader

FINEDREAM INVEST LTD

The application identity_theft_protection_wells_fargo_sign_in_downloader.exe by FINEDREAM INVEST LTD has been flagged as adware by 1 of 68 anti-malware scanners. That single detection is heuristic (PUP.FINEDREAMINVEST), but the file's characteristics are a strong indication that it is a potential threat. It is the uninstaller utility registered in the Windows Control Panel for the program PileFile reminder, whose display publisher is Escolade Solutions LTD rather than the signing publisher, and it is typically executed from a randomly named .tmp folder in the user's temporary directory. Two further points worth checking: the file name bears no relation to the product name (PileFile Downloader), and the signing certificate's validity period ended on 10/1/2014, so a signature check run today succeeds only if the signature carries a trusted timestamp countersignature.
Publisher:
FINEDREAM INVEST LTD  (signed and verified)

Product:
PileFile Downloader

Description:
PileFile

Version:
1.0.0.2

MD5:
478a5445e04dccebdb643dd63b5ecc22

SHA-1:
492448805b7d2baea5702f956c4e57697774969c

SHA-256:
45a2d61041310f2b110283dfd132852fb84bbe7732300d2bb33f81d3d7cfe568

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/25/2024 2:18:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FINEDREAMINVEST (M)

Engine version:
16.1.23.11

File size:
5.1 MB (5,332,936 bytes)

Product version:
1.0.0.22

Original file name:
xyztcjvBk.lnk_p

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\identity_theft_protection_wells_fargo_sign_in_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/30/2013 5:00:00 PM

Valid to:
10/1/2014 4:59:59 PM

Subject:
CN=FINEDREAM INVEST LTD, O=FINEDREAM INVEST LTD, STREET=11 ROSEMONT ROAD HAMPSTEAD, L=LONDON, S=HAMPSTEAD, PostalCode=NW3 6NG, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5ED3DAB73641CD0D161EE50202FB462

File PE Metadata
Compilation timestamp:
11/13/2013 12:23:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:hhaRZ6Z2yJwl7rySAy12XOh5b47jt2I7aK:hhai4aw8E2XOh5b47QAaK

Entry address:
0xB853D

Entry point:
E8, AD, 75, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, DF, 06, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, C4, AD, 50, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, E6, 75, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, D0...

Entropy:
5.6089

Code size:
894.5 KB (915,968 bytes)
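
The PE metadata above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size, entropy) all comes from the COFF header and the PE32 optional header. As an added example, not code from this page or from the file's publisher, the following Python reads those fields from a PE32 image and computes the byte entropy. It runs against a constructed in-memory header that mirrors this page's values rather than the real sample; that header assumes a UTC compile timestamp, is not a valid executable, and is labelled as constructed in the code.

```python
import math
import struct
import sys
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed sample: a bare PE32 header carrying the values shown on this
    page. It is not the real file and cannot execute (no sections, no code)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)        # e_lfanew: offset of "PE\0\0"
    ts = int(datetime(2013, 11, 13, 0, 23, 37, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH",
                       0x014C,   # Machine: IMAGE_FILE_MACHINE_I386
                       3,        # NumberOfSections
                       ts,       # TimeDateStamp (assumed UTC)
                       0, 0,     # PointerToSymbolTable, NumberOfSymbols
                       0xE0,     # SizeOfOptionalHeader for PE32
                       0x0102)   # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic: PE32
    opt[2], opt[3] = 10, 0                             # Major/MinorLinkerVersion
    struct.pack_into("<I", opt, 4, 915_968)            # SizeOfCode
    struct.pack_into("<I", opt, 16, 0xB853D)           # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)             # Major/MinorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    """Read the header fields this page reports from a PE32 image.
    TimeDateStamp is written by the linker and is trivially forgeable, so treat it as a claim."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                    # the COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:                                 # 0x20B would be PE32+ (Win64)
        raise ValueError(f"not a PE32 optional header (magic {magic:#x})")
    return {
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc),
        "os_version": "%d.%d" % struct.unpack_from("<HH", data, opt + 40),
        "bitness": "Win32",
        "subsystem": SUBSYSTEMS.get(struct.unpack_from("<H", data, opt + 68)[0], "other"),
        "linker_version": f"{data[opt + 2]}.{data[opt + 3]}",
        "entry_address": struct.unpack_from("<I", data, opt + 16)[0],
        "code_size": struct.unpack_from("<I", data, opt + 4)[0],
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0. Ordinary compiled code sits roughly around 5 to 6.5;
    packed or encrypted payloads approach 8, which is why the figure is listed above."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    # Pass a real PE path to inspect it; with no argument the constructed header is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in parse_pe_header(blob).items():
        print(f"{k}: {v:#x}" if k == "entry_address" else f"{k}: {v}")
    print(f"entropy: {shannon_entropy(blob):.4f}")
```

The compile timestamp is worth cross-checking against the certificate validity window in the Digital Signature section: a timestamp outside that window is a cheap indicator that either the timestamp or the signature story is wrong. Entropy of the whole file is a coarse measure; for a wrapper that carries an embedded installer, per-section or per-resource entropy is more telling.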

Program Uninstaller
Program name:
PileFile reminder

Display publisher:
Escolade Solutions LTD

Uninstall string:
"C:\users\{user}\appdata\local\temp\{random}.tmp\identity_theft_protection_wells_fargo_sign_in_downloader.exe" --uninstallreminder
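
The Control Panel entry above combines several traits a defender can hunt for across a fleet: an UninstallString pointing into the user's temp directory, a display publisher (Escolade Solutions LTD) that does not match the signing subject (FINEDREAM INVEST LTD), and a signing certificate that expired in 2014. As an added example, not code from this page or from either publisher, the following Python applies those checks to Uninstall key entries. It assumes the entries were exported from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (plus WOW6432Node and HKCU) and that the signature details came from an Authenticode check of the uninstaller binary; the sample entries, the user name, the random .tmp folder name, the benign control entry and the UTC interpretation of the certificate dates are all constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class SignatureInfo:
    """What an Authenticode check of the uninstaller binary reports."""
    subject_cn: str
    valid_from: datetime
    valid_to: datetime
    timestamped: bool       # a trusted timestamp countersignature is present


# Locations no legitimately installed uninstaller should be registered from.
TEMP_DIR_RE = re.compile(
    r"(\\appdata\\local\\temp\\|\\windows\\temp\\|%temp%\\|%tmp%\\)", re.IGNORECASE)

# Analysis date from this page, used as the reference "now".
ANALYSIS_DATE = datetime(2024, 4, 25, 14, 18, 54, tzinfo=timezone.utc)

# Constructed sample data. The first entry is modelled on the Control Panel entry
# on this page (user name and the {random}.tmp folder are made up); the second is
# a made-up benign control.
SAMPLE_ENTRIES = [
    {"DisplayName": "PileFile reminder",
     "Publisher": "Escolade Solutions LTD",
     "UninstallString": r'"C:\users\alice\appdata\local\temp\tmp1A2B.tmp'
                        r'\identity_theft_protection_wells_fargo_sign_in_downloader.exe" --uninstallreminder'},
    {"DisplayName": "Example Editor",
     "Publisher": "Example Corp",
     "UninstallString": r'"C:\Program Files\Example Editor\uninstall.exe" /S'},
]
# Certificate dates for the first entry are the ones on this page, assumed UTC.
SAMPLE_SIGNATURES = {
    "PileFile reminder": SignatureInfo("FINEDREAM INVEST LTD",
                                       datetime(2013, 9, 30, 17, 0, 0, tzinfo=timezone.utc),
                                       datetime(2014, 10, 1, 16, 59, 59, tzinfo=timezone.utc),
                                       timestamped=False),
    "Example Editor": SignatureInfo("Example Corp",
                                    datetime(2023, 1, 1, tzinfo=timezone.utc),
                                    datetime(2026, 1, 1, tzinfo=timezone.utc),
                                    timestamped=True),
}
SAMPLE_COMPILE_TIMES = {
    "PileFile reminder": datetime(2013, 11, 13, 0, 23, 37, tzinfo=timezone.utc),
    "Example Editor": datetime(2023, 6, 1, tzinfo=timezone.utc),
}


def parse_uninstall_string(cmd: str) -> Tuple[str, str]:
    """Split an UninstallString into (executable path, arguments).
    A quoted path may contain spaces; an unquoted path is cut at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            raise ValueError("unterminated quote in UninstallString")
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def triage_uninstall_entry(entry: dict, sig: Optional[SignatureInfo],
                           compile_time: Optional[datetime], now: datetime) -> List[str]:
    """Return the reasons an Uninstall key entry looks like a download wrapper or PUP."""
    findings = []
    exe, _args = parse_uninstall_string(entry["UninstallString"])
    if TEMP_DIR_RE.search(exe):
        findings.append("uninstaller runs from a temporary directory")
    if sig is None:
        findings.append("uninstaller is unsigned")
        return findings
    if entry.get("Publisher", "").strip().lower() != sig.subject_cn.strip().lower():
        findings.append("registered publisher differs from code-signing subject")
    if now > sig.valid_to and not sig.timestamped:
        findings.append("signing certificate expired without a timestamp countersignature")
    if compile_time is not None and not (sig.valid_from <= compile_time <= sig.valid_to):
        findings.append("compile timestamp outside certificate validity window")
    return findings


def triage_all(now: datetime = ANALYSIS_DATE) -> Dict[str, List[str]]:
    """Run the checks over the constructed sample entries, keyed by DisplayName."""
    return {e["DisplayName"]: triage_uninstall_entry(
                e, SAMPLE_SIGNATURES.get(e["DisplayName"]),
                SAMPLE_COMPILE_TIMES.get(e["DisplayName"]), now)
            for e in SAMPLE_ENTRIES}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name}: {'; '.join(findings) or 'no findings'}")
```

A publisher mismatch on its own is weak (resellers and holding companies produce them), and an expired certificate is normal for old software that was timestamped. The combination with a temp-directory path is what makes the entry on this page stand out: the uninstaller is expected to disappear with the next temp cleanup, leaving a dangling Control Panel entry.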