home

obfuscator.exe

Obfuscator

PELock, LLC

The application obfuscator.exe, “Obfuscator Setup ” by PELock has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.pelock.com.
Publisher:
PELock LLC   (signed by PELock, LLC)

Product:
Obfuscator

Description:
Obfuscator Setup

Version:
2.3.0.0

MD5:
79bff225b8119bf33b0a767c74fd1e2e

SHA-1:
0994d7997dbdec998a9346b743c98f430c98319b

SHA-256:
9b1ec97a9eef9f7a0f18f5f1c6718e02d3ac7334193459e7ed6428cfcf78a828

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 7:39:02 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Packed.Confuser.J suspicious (variant)
10.13843

Reason Heuristics
PUP.InstallCore.CSH (L)
16.12.2.7

File size:
940.4 KB (962,928 bytes)

Product version:
2.3.0.0

Copyright:
Copyright (c) 2002-2016 PELock LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\obfuscator.exe

Digital Signature
Signed by:
PELock, LLC

Authority:
StartCom Ltd.

Valid from:
7/10/2015 8:11:02 PM

Valid to:
7/10/2017 11:21:20 AM

Subject:
E=support@pelock.com, CN="PELock, LLC", O="PELock, LLC", L=Wilmington, S=Delaware, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
123CA06887D656

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:y7blaUuWzZBerEMJ4bXYUiqkHCOWmW6eo8cuHnDwouTjKy6QnR:y75LzZBOEMkYDhH8mTCDKXR

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9767

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file obfuscator.exe has been seen being distributed by the following URL.

https://www.pelock.com/.../obfuscator.exe

Remove obfuscator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.