PastaLeadsService.exe

PastaLeadsService

One Call Ltd

The application PastaLeadsService.exe by One Call has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 8877 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program PastaQuotes by One Call Ltd, which is a potentially unwanted software program.
Publisher:
One Call Ltd  (signed and verified)

Product:
PastaLeadsService

Version:
1.0.0.4

MD5:
519c7cd28497b20ced1062faecdbb3a8

SHA-1:
9651031992293c9476331e78abd2096600ea232a

SHA-256:
f88395f2741f954b896a8bc64a92046422ec03ad8eee870b92aba71ecc35a4fe

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
8/15/2018 6:11:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OneCall.R

Engine version:
14.5.12.12

File size:
352.9 KB (361,368 bytes)

Product version:
1.0.0.4

Copyright:
Onecall LTD © 2014

Original file name:
PastaLeadsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pastaleads\pastaleadsservice.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/30/2013 7:00:00 PM

Valid to:
12/31/2014 6:59:59 PM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
4/22/2014 9:50:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:/8vKvBXZdsqOcGM3NAwb7eo79/vyIPaMu4Q+lTj5qLh56IwN5lUJJlq2J9VCe2vr:oKpDTd6e/voZn+Njq5lJdV7lkyw

Entry address:
0x5812E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.7138

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
344.5 KB (352,768 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8877/

Local host port:
8877

Default credentials:
No


The file PastaLeadsService.exe has been discovered within the following programs.

PastaQuotes  by One Call Ltd
PastaQuotes/PastaLeads is a web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context hyperlinks.
84% remove it
 

The executing file has been seen to make the following network communications in live environments.

