pengy.exe

The application pengy.exe has been detected as a potentially unwanted program by 4 of 68 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers such as toolbars and browser extensions. The file has been seen being downloaded from installerlaunch-gn1.com.
MD5:
36d5bc3fcf156ea8cf6b16312e796262

SHA-1:
e788d11c1611701dc9c5346c022ff7a225e0771e

SHA-256:
112f61e62af3d0907a4653f6952928e2d92d49ebf2f5b2f813e27fbecb7b747d

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 4:23:50 PM UTC

Scan engine                     Detection                                               Engine version
ESET NOD32                      Win32/InstallCore.AU potentially unwanted application   6.3
F-Prot                          W32/InstallCore.P.gen                                   4.6.5.141
Microsoft Security Essentials   Trojan:Win32/Dorv.B!rfn                                 1.225.3446.0
Reason Heuristics               PUP.InstallCore.ENG (M)                                 16.8.8.18

File size:
1 MB (1,100,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pengy.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM (0x2A425E19, the fixed TimeDateStamp written by Borland Delphi linkers, not a real build date)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gloja8US0st3DxEaNA/sFdV+rrO75Y3Xw5B9/QNmzdpVk:crPp2xEOBdV+vO75D9Imzd

Entry address:
0xCAB50

Entry point:
55, 8B, EC, 83, C4, F0, B8, E4, 1D, 40, 00, E8, 84, DA, FF, FF, FF, CC, 83, 44, 24, 04, F8, E9, 95, 4E, 00, 00, 83, 44, 24, 04, F8, E9, B3, 4E, 00, 00, 83, 44, 24, 04, F8, E9, BD, 4E, 00, 00, CC, 69, 11, 40, 00, 73, 11, 40, 00, 7D, 11, 40, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 46, 88, 11, 40, 00, 08, 00, 00, 00, 00, 00, 00, 00, 00, 12, 40, 00, 94, 11, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 12, 40...

Entropy:
6.9556

Developed / compiled with:
Microsoft Visual C++ (scanner heuristic; the fixed 1992 timestamp, the 2.25 linker version and the push ebp / mov ebp,esp / add esp,-10h entry-point prologue shown above are characteristic of Borland Delphi binaries)

Code size:
828 KB (847,872 bytes)
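The PE fields above are the ones worth re-deriving yourself before trusting a scanner's compiler heuristic. The script below is an added example, not Reason Core Security's own tooling: it verifies a downloaded file against the three digests listed in this report, parses the same header fields (timestamp, linker version, OS version, subsystem, entry point bytes, code size) and computes the file's Shannon entropy. The Delphi fingerprint check uses the fixed 0x2A425E19 timestamp and the 2.25 linker version. The minimal PE it builds for an offline run is constructed here and is not pengy.exe, so its hashes will not match the report; point `parse_pe` at a real download to compare against the values on this page.

```python
"""Triage helper: verify report hashes, read PE header fields, check for Delphi fingerprints.
Added example for this report page, not Reason Core Security tooling."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators copied from the report on this page.
REPORT_IOCS = {
    "md5": "36d5bc3fcf156ea8cf6b16312e796262",
    "sha1": "e788d11c1611701dc9c5346c022ff7a225e0771e",
    "sha256": "112f61e62af3d0907a4653f6952928e2d92d49ebf2f5b2f813e27fbecb7b747d",
}
# 0x2A425E19 is 1992-06-19 22:22:17 UTC, the fixed TimeDateStamp written by Borland
# Delphi linkers; the report shows it as 6/19/1992 5:22:17 PM (local time).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19
DELPHI_LINKER = (2, 25)  # linker version reported by Delphi 2 through 7
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the values listed in the report."""
    return file_hashes(data) == REPORT_IOCS


def shannon_entropy(data: bytes) -> float:
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the report lists. The offsets used are identical for PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    _machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    # Map the entry RVA to a file offset through the section table and read the first bytes.
    entry_bytes = b""
    for i in range(nsections):
        sh = opt + opt_size + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sh + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = entry_rva - va + rawptr
            entry_bytes = data[off:off + 16]
            break
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "timestamp_raw": ts,
        "linker": (maj_link, min_link),
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        "size_of_code": size_of_code,
        "entropy": shannon_entropy(data),
    }


def looks_like_delphi(info: dict) -> bool:
    """Fixed 1992 timestamp or the 2.25 linker version: Delphi fingerprints, whatever a compiler heuristic says."""
    return info["timestamp_raw"] == DELPHI_FIXED_TIMESTAMP or info["linker"] == DELPHI_LINKER


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (not pengy.exe) reproducing the report's header values for an offline run."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_FIXED_TIMESTAMP, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 2, 25)                        # PE32, linker 2.25
    struct.pack_into("<I", opt, 4, 0x200)                                  # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                                # AddressOfEntryPoint
    struct.pack_into("<II", opt, 28, 0x400000, 0x1000)                     # ImageBase, SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                                 # FileAlignment
    struct.pack_into("<HH", opt, 40, 4, 0)                                 # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                                     # Windows GUI
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    # First entry-point bytes quoted in the report (Delphi-style prologue), zero padded.
    code = bytes.fromhex("558BEC83C4F0B8E41D4000E884DAFFFF").ljust(0x200, b"\0")
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0") + code


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches report hashes:", matches_report(blob))
    report = parse_pe(blob)
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in report.items()})
    print("Delphi fingerprint:", looks_like_delphi(report))
```

Run it with the path to a downloaded copy as the first argument; without arguments it parses the constructed sample, which is only there to show the parser working.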

The file pengy.exe has been seen being distributed from installerlaunch-gn1.com; the report lists only the host, not the full download URL.

Remove pengy.exe - Powered by Reason Core Security