» pickmeapp0_7_5_0.exe
Overview
Analysis
File Details

pickmeapp0_7_5_0.exe

PickMeApp

T-APP LTD

The file pickmeapp0_7_5_0.exe, “PickMeApp Deployment Tool” by T-APP has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

Publisher:

T-App Ltd. (signed by T-APP LTD)

Product:

PickMeApp

Description:

PickMeApp Deployment Tool

Version:

0.7.5.0

MD5:

18e8639fa1155c8bad80bd3c4e6a84ad

SHA-1:

6a9cf3d7783833276f7436e8db118d9c494c0372

SHA-256:

41522da89bdc0e6268c4d1b72249a77345379027151c0e18f52a6d0043e78f4c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/27/2024 1:19:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PickMe.InstallMonetizer (M)

17.2.18.9

File size:

4.8 MB (5,000,408 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pickmeapp0_7_5_0.exe.part

Digital Signature

Signed by:

T-APP LTD

Authority:

COMODO CA Limited

Valid from:

3/19/2014 5:30:00 AM

Valid to:

3/19/2017 5:29:59 AM

Subject:

CN=T-APP LTD, O=T-APP LTD, POBox=114, STREET=Midreshet Sde Boker, L=Sde Boker, S=Darom, PostalCode=84990, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CA8CEAFB1307ABA39DF720B806DC7E14

File PE Metadata

Compilation timestamp:

12/6/2009 4:20:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9976

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove pickmeapp0_7_5_0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.