pixeasy-setup.exe

PixEasy

Secure Digital Services Limited

The application pixeasy-setup.exe, “PixEasy ” by Secure Digital Services Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from app.pix-easy.com.
Publisher:
Secure Digital Services   (signed by Secure Digital Services Limited)

Product:
PixEasy

Description:
PixEasy

Version:
2.3718.00636

MD5:
19ac81af79e434852b346de3294a2210

SHA-1:
a8cc663eab354f666afeba9431375625685c2978

SHA-256:
68428acdcebc6935eb65f75a9b11b0998a3726adcc9b23281e5b2c53e4076916

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/17/2018 12:21:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OfferBox.SecureDi.Installer (M)
16.3.11.4

File size:
1023.7 KB (1,048,256 bytes)

Product version:
2.3718.00636

Copyright:
Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
PixEasy

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pixeasy-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
6/10/2009 9:03:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:U2TIyT39KAMp6TNpGrkvNhKebRffQtTBioJtQWBe:/1T39WpijGrkvvKURX6TgitZBe

Entry address:
0x6A832

Entry point:
55, 8B, EC, 6A, FF, 68, B0, D0, 48, 00, 68, D0, B3, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 90, B1, 48, 00, 33, D2, 8A, D4, 89, 15, A0, 16, 4B, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 9C, 16, 4B, 00, C1, E1, 08, 03, CA, 89, 0D, 98, 16, 4B, 00, C1, E8, 10, A3, 94, 16, 4B, 00, 6A, 01, E8, 45, 39, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 6A, 17, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
552 KB (565,248 bytes)

The file pixeasy-setup.exe has been seen being distributed by the following URL.

Remove pixeasy-setup.exe - Powered by Reason Core Security