» pm.exe
Overview
Analysis
File Details
Downloads (1)

pm.exe

LHEODGSRUSNI

The application pm.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The file has been seen being downloaded from cdn.pmdownloadcdn.com.

File name:

pm.exe

Publisher:

LHEODGSRUSNI

Product:

LHEODGSRUSNI

Version:

1.2.2.6

MD5:

ae8f99d561f09ef40b26a8c29609a73a

SHA-1:

5690a59495ac0e87c22e8da6e553a09b7e9c158c

SHA-256:

8dcb3677a17051b36e44c7faa80ae75ac6d78e2edb4653a88fb16337f7e348c5

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 2:29:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Mikey.15765

458

AhnLab V3 Security

PUP/Win32.DealPlay

2015.10.02

Avira AntiVirus

ADWARE/DealPly.A.36077

8.3.2.2

Arcabit

Trojan.Adware.Mikey.D3D95

1.0.0.568

avast!

Win32:Evo-gen [Susp]

2014.9-151104

AVG

DealPly

2016.0.2936

Bitdefender

Gen:Variant.Adware.Mikey.15765

1.0.20.1540

Dr.Web

Adware.DealPly.46

9.0.1.0308

Emsisoft Anti-Malware

Gen:Variant.Adware.Mikey.15765

8.15.11.04.08

ESET NOD32

Win32/DealPly.AC potentially unwanted (variant)

9.12343

Fortinet FortiGate

Adware/Generic

11/4/2015

F-Secure

Gen:Variant.Adware.Mikey

11.2015-04-11_4

G Data

Gen:Variant.Adware.Mikey.15765

15.11.25

K7 AntiVirus

Adware

13.210.17398

Kaspersky

not-a-virus:AdWare.Win32.DealPly

14.0.0.1173

MicroWorld eScan

Gen:Variant.Adware.Mikey.15765

16.0.0.924

NANO AntiVirus

Riskware.Win32.DealPly.dxkgjx

0.30.26.3725

Panda Antivirus

Trj/Genetic.gen

15.11.04.08

Qihoo 360 Security

Win32/Virus.Adware.38e

1.0.0.1015

Quick Heal

AdWare.DealPly.OD8

11.15.14.00

Rising Antivirus

PE:Malware.RDM.48!5.36[F1]

23.00.65.151102

Sophos

DealPly Updater (PUA)

4.98

SUPERAntiSpyware

Adware.Symmi/Variant

9528

File size:

1.9 MB (2,040,320 bytes)

Product version:

1.2.2.6

Trademarks:

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\0846756a_stp\pm.exe

File PE Metadata

Compilation timestamp:

9/29/2015 1:03:19 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:2lTXJxf7tU1SeIFjnBPZcXfr49RshOqwW/1olllU:2lTbRU1SeCjsz49PFW/L

Entry address:

0x94766

Entry point:

E8, D3, 7A, 01, 00, E9, 35, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, E2, C3, 4A, 00, E8, 60, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 52, D5, 4A, 00, E8, 41, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, E2, C3, 4A, 00, E8, 23, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, 52, D5, 4A, 00, E8, 05, 00, 00, 00, 83... 
[+]

Entropy:

7.0927

Code size:

819.5 KB (839,168 bytes)

The file pm.exe has been seen being distributed by the following URL.

http://cdn.pmdownloadcdn.com/pricefountain/.../setup.exe

Remove pm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.