home

pelock.exe

PELock Demo

PELock, LLC

The application pelock.exe, “PELock Demo Setup ” by PELock has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.pelock.com.
Publisher:
PELock LLC   (signed by PELock, LLC)

Product:
PELock Demo

Description:
PELock Demo Setup

Version:
2.02.0.0

MD5:
2b623a35a684c17d487f81c6afceacae

SHA-1:
d7008a27cd0bdccd6c2889b04d064b3c6f58c52a

SHA-256:
3238dcb56ef3467a5b17dde64331d5b8b38cb4e5dd20a12d6854384fd4941ed3

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
9/15/2025 3:58:48 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.KillFiles.59380
9.0.1.0256

Reason Heuristics
PUP.InstallCore.CSH (L)
16.12.12.20

File size:
5.4 MB (5,707,712 bytes)

Product version:
2.02.0.0

Copyright:
Copyright (c) 2002-2016 PELock LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pelock.exe

Digital Signature
Signed by:
PELock, LLC

Authority:
StartCom Ltd.

Valid from:
7/10/2015 1:11:02 PM

Valid to:
7/10/2017 4:21:20 AM

Subject:
E=support@pelock.com, CN="PELock, LLC", O="PELock, LLC", L=Wilmington, S=Delaware, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
123CA06887D656

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:+59ISkJR0p3or0LBvdhe0o3YS9uN1hqNn7ddqXNe2eIq6fHluOZHWsoPTTpciePa:rR0pZhexuzwn7q9fVqCFuNtTD

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9990

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file pelock.exe has been seen being distributed by the following URL.

https://www.pelock.com/.../pelock.exe

Remove pelock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.