pm.exe

MY POP SHOP LTD

The application pm.exe by MY POP SHOP has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
PennyBee  (signed by MY POP SHOP LTD)

Product:
PennyBee

Version:
1.0.1.1

MD5:
87b4bb2db7e3f17c38b27e7a9d7f4f82

SHA-1:
f03b92b9e2764d7cb0e96b834eddec266688734f

SHA-256:
433fbc8844cc708568d6b6d2a3f94c13447e5d30da9b94fd52a5d91ea968ee61

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/26/2024 7:19:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Smartbar.O | 750 |
| Avira AntiVirus | APPL/Linkury.Gen2 | 7.11.164.206 |
| AVG | Mypopshop | 2015.0.3396 |
| Baidu Antivirus | Adware.Win32.Linkury | 4.0.3.15116 |
| Bitdefender | Adware.Smartbar.O | 1.0.20.80 |
| Comodo Security | ApplicUnwnt | 19320 |
| Emsisoft Anti-Malware | Adware.Smartbar.O | 8.15.01.16.01 |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant) | 8.10184 |
| F-Secure | Adware.Smartbar.O | 11.2015-16-01_6 |
| G Data | Win32.Application.Linkury | 14.7.24 |
| IKARUS anti.virus | AdWare.Linkury | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.PennyBee.A | v2015.01.16.01 |
| McAfee | Artemis!87B4BB2DB7E3 | 5600.6884 |
| MicroWorld eScan | Adware.Smartbar.O | 16.0.0.48 |
| NANO AntiVirus | Riskware.Win32.Linkury.dcvwxz | 0.28.2.61148 |
| nProtect | Adware.Smartbar.O | 14.08.26.01 |
| Reason Heuristics | PUP.Resoft.MYPOPSHOP | 15.1.16.1 |
| Sophos | Generic PUA MP | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0731 | 7.2.16 |
| Trend Micro | ADW_LINKURY | 10.465.16 |
| VIPRE Antivirus | Adware.Smartbar | 32556 |

File size:
964.7 KB (987,816 bytes)

Copyright:
Author © 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\360222_stp\pm.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2014 1:00:00 AM

Valid to:
7/8/2015 12:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
Compilation timestamp:
12/25/2013 5:01:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lOKYnwOb2S7xE3c4tX97xtlO0g+WbIQTmWG1Ono:sKDwQFX9E+Cpn3o

Entry address:
0x3358

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, B7, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 22, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 10, 2B, 00, 00...
 

Entropy:
7.9900

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)
