pencil-2.0.5.win32.installer.exe

Pencil

Evolus Co., Ltd.

The executable pencil-2.0.5.win32.installer.exe, “Pencil GUI Prototyping Tool”, has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from doc-14-9k-docs.googleusercontent.com and multiple other hosts.
Publisher:
Evolus Co., Ltd.

Product:
Pencil

Description:
Pencil GUI Prototyping Tool

Version:
2.0.5.0

MD5:
4199da4829c1b0056ed68e25e0682b14

SHA-1:
4c4d7b48d23813df5a08d30c44e0d7edb0dcb9d1

SHA-256:
37e71d96d7d1ab4e51ade964eb7576e705baf31455cc210ace5c0a857779b437

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 12:59:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.11.29.15

File size:
23.1 MB (24,218,412 bytes)

Copyright:
© Evolus Co., Ltd.

Trademarks:
Pencil Application is a trademark of Evolus Co., Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pencil-2.0.5.win32.installer.exe

File PE Metadata
Compilation timestamp:
2/16/2013 5:56:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
393216:eC9Xd4p0lMwc2D0O7WlxPaHvyJ9MWWMUFBRe797PaNEky/4w/TJV1DHRnbgTwbHr:eC9W0llhlWlxPaC9MWW7e7JcI/4wrhb1

Entry address:
0x4139

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 9C, 01, 00, 00, FF, 15, 74, 53, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 54, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 54, 43, 00, 56, C7, 04, 24, 08, 00, 00, 00, A3, F4, 37, 43, 00, E8, 5B, 3C, 00, 00, A3, 50, 38, 43, 00, 8D, 85, 88, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 54, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Entropy:
7.9982 (probably packed)

Code size:
34 KB (34,816 bytes)

The file pencil-2.0.5.win32.installer.exe has been seen being distributed by the following 32 URLs.


Remove pencil-2.0.5.win32.installer.exe - Powered by Reason Core Security