pal_install_beta.exe

Paltalk Messenger Setup

Paltalk.com

The application pal_install_beta.exe by Paltalk.com has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from download.paltalk.com and multiple other hosts. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
AVM Software Inc.  (signed by Paltalk.com)

Product:
Paltalk Messenger Setup

Version:
11,7,616,17528

MD5:
5d64858e3a66cf574760dbf5e6632b74

SHA-1:
c918ae70cbe5aad27b63e05c1066c7766297c2bf

SHA-256:
a9f46622ca9751e329ba5a5289805dd84d4181cbc3e53d176738aaae9b9af32d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
4/18/2024 4:11:05 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.AskToolbar | 4.0.3.15710
Clam AntiVirus | Win.Trojan.Agent-837420 | 0.98/21511
ESET NOD32 | Win32/Bundled.Toolbar.Ask.G potentially unsafe (variant) | 9.11917
Malwarebytes | PUP.Optional.APNToolBar.A | v2015.07.10.09
NANO AntiVirus | Trojan.Win32.Agent.dpfnyt | 0.30.24.2487

File size:
2.3 MB (2,445,968 bytes)

Product version:
11,7,616,17528

Copyright:
Copyright 1999 - 2014

Original file name:
paltalk_messenger_setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pal_install_beta.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/14/2015 7:00:00 PM

Valid to:
5/14/2018 6:59:59 PM

Subject:
CN=Paltalk.com, O=Paltalk.com, L=Jericho, S=New York, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
17B0C425187E4534E12B02B218563F46

File PE Metadata
Compilation timestamp:
9/5/2011 9:16:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:hE8IEHw0BQXXuEQCHsEizZB5CMVttNiRNFgJoVsg0dfLL/jmbGekk1dPVdfLLc:4Ew0BQeEFHsxX5CMVtHOyJoVazAGezY

Entry address:
0x384F

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 28, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 24, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 0C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9907

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file pal_install_beta.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 71 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cache.google.com  (202.136.91.241:80)
