PastaLeadsService.exe

PastaLeadsService

One Call Ltd

The application PastaLeadsService.exe by One Call has been detected as adware by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 8800 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program PastaQuotes by One Call Ltd which is a potentially unwanted software program. While running, it connects to the Internet address vcom.com on port 80 using the HTTP protocol.
Publisher:
One Call Ltd  (signed and verified)

Product:
PastaLeadsService

Version:
1.2.1.1

MD5:
8ec48324b8046ae485f75e82e796eb0f

SHA-1:
71586d2eb28860148c1ae53ff87cb44fb091d18b

SHA-256:
c6d1e82240f3948fe2b6714c926ba72ba57670a5c71b6cbad5337c254049d4b8

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/19/2024 4:43:27 AM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.PastaLeads.A | v2014.10.21.08
Reason Heuristics | PUP.OneCall.R | 14.10.21.20
Trend Micro House Call | Suspicious_GEN.F47V0821 | 7.2.294

File size:
375.9 KB (384,920 bytes)

Product version:
1.2.1.1

Copyright:
Onecall LTD © 2014

Original file name:
PastaLeadsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pastaleads\pastaleadsservice.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/30/2013 4:00:00 PM

Valid to:
12/31/2014 3:59:59 PM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
9/2/2014 5:14:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KY9bNMYpVPqCK70MwP5oXBf8Ni6IQtYg+dx7RPhdbDjTyVvBgAnF:rLtpVPFo0MwPGxf8I6IQtDUjvI5F

Entry address:
0x5DCBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.7658

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
367.5 KB (376,320 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8800/

Local host port:
8800

Default credentials:
No


The file PastaLeadsService.exe has been discovered within the following program.

PastaQuotes  by One Call Ltd
PastaQuotes/PastaLeads is a web browser advertisement extension that delivers ads to the user's web browser. Ads take the form of traditional banners as well as contextual hyperlinks.
84% remove it

The executing file has been seen to make the following network communications in live environments.

