home

pem77f.exe

OfferInstaller

The application pem77f.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source.
Product:
OfferInstaller

Version:
1.0.0.1

MD5:
3441a727f38e126346b1be82bdd66f71

SHA-1:
eff63a35d5fd6054301432ac8a13e2ca9ee0e5ce

SHA-256:
aa2503b2a837ff2aec3dfdf7b1a7c06255fd815d74cdb42b180ec3404a79a07e

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 9:06:06 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.MSIL.Gen
7.11.218.126

avast!
Win32:GenMaliciousA-FOI [Adw]
2014.9-150323

Baidu Antivirus
Adware.MSIL.Imali
4.0.3.15323

ESET NOD32
MSIL/Adware.Imali (variant)
9.11346

G Data
MSIL.Adware.OfferInstaller
15.3.25

herdProtect (fuzzy)
variant of xsu1f8a.exe
2015.6.28.18

K7 AntiVirus
Adware
13.202.15369

Malwarebytes
PUP.Optional.OfferInstaller.C
v2015.06.28.06

MicroWorld eScan
Application.Generic.1204413
16.0.0.537

Sophos
Offer Installer
4.98

VIPRE Antivirus
MSIL.Adware.Imali
38754

File size:
296.5 KB (303,616 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2014

Original file name:
OfferInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\pem77f.exe

File PE Metadata
Compilation timestamp:
3/19/2015 12:35:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:YgjCcFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VDYiL:YgjCEZwgVxGq86oH/MKvnolgZ

Entry address:
0x4AE4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
292 KB (299,008 bytes)

Remove pem77f.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.