poolsharksinstaller.exe

Sanlis Ltd

The application poolsharksinstaller.exe by Sanlis Ltd has been detected as a potentially unwanted program (PUP) by 1 anti-malware scanner, namely the Reason Heuristics engine listed below. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
Publisher:
Sanlis Ltd  (signed and verified; note that the signing certificate's validity period ended 12/30/2008, so a signature that still verifies today relies on a trusted timestamp countersignature dated within that period, otherwise Windows Authenticode verification reports the certificate as expired)

MD5:
c97de51788c1f587a78d23b941395ae0

SHA-1:
03bb96b7dc0165ccf9499baf782c85e780775a1c

SHA-256:
f2b18ce4f14e5da24911098e205db2180b12c10c534cbf0d7ddd2c30581c5cc8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; the single detection shown comes from our own heuristics, on the basis of which we consider the file unwanted.

Analysis date:
4/24/2024 10:19:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sanlis.T

Engine version:
14.7.5.10

File size:
4.7 MB (4,907,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\poolsharksinstaller.exe
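The common path above, combined with the hashes and the signer name, gives a usable detection: an executable launched from a randomly named `.tmp` directory under the user's Temp folder. The following is an added example, not part of this report and not code from Sanlis Ltd or Reason Core Security: it runs that logic over a few constructed process-creation records written in a simplified Sysmon-like `Field=value|Field=value` layout (the records, user names and the second, third and fourth file hashes are made up; only the report's path pattern, signer and SHA-256 are taken from this page).

```python
"""Match constructed process-creation records against the report's indicators.

Added example, not from the original report. Records are constructed (no real
telemetry); the path pattern, signer name and SHA-256 come from the report.
"""
import re

REPORT_SHA256 = "f2b18ce4f14e5da24911098e205db2180b12c10c534cbf0d7ddd2c30581c5cc8"
REPORT_SIGNER = "Sanlis Ltd"
# Report's common path, C:\users\{user}\appdata\local\temp\{random}.tmp\<name>.exe,
# as a case-insensitive pattern (Sysmon reports paths with the real user name).
TEMP_TMPDIR_EXE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\[^\\]+\.exe$", re.I)


def parse_event(line: str) -> dict:
    """Turn a 'Field=value|Field=value' record into a dict; the Hashes field
    ('MD5=...,SHA256=...') becomes a nested dict keyed by algorithm."""
    ev = dict(part.split("=", 1) for part in line.strip().split("|"))
    ev["Hashes"] = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
    return ev


def classify(ev: dict) -> list:
    """Return the indicators an event matches, strongest first. The path
    pattern alone is a weak signal: legitimate self-extracting installers unpack
    to %TEMP%\\{random}.tmp\\ too, so it is listed last."""
    reasons = []
    if ev["Hashes"].get("SHA256", "").lower() == REPORT_SHA256:
        reasons.append("sha256 matches report")
    if ev.get("Signature") == REPORT_SIGNER:
        reasons.append("signed by " + REPORT_SIGNER)
    if TEMP_TMPDIR_EXE.match(ev.get("Image", "")):
        reasons.append("executes from %TEMP%\\*.tmp\\")
    return reasons


def scan(lines) -> list:
    """(image path, reasons) for every record that matches at least one indicator."""
    out = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            out.append((ev.get("Image", ""), reasons))
    return out


# Constructed records (not real telemetry): a full match, the same file renamed
# and run from Downloads, an unrelated unsigned installer in a .tmp directory,
# and a benign program.
SAMPLE_LOG = [
    r"Image=C:\Users\alice\AppData\Local\Temp\AB12CD34.tmp\poolsharksinstaller.exe|Hashes=MD5=c97de51788c1f587a78d23b941395ae0,SHA256=f2b18ce4f14e5da24911098e205db2180b12c10c534cbf0d7ddd2c30581c5cc8|Signature=Sanlis Ltd|SignatureStatus=Valid",
    r"Image=C:\Users\alice\Downloads\setup_renamed.exe|Hashes=SHA256=f2b18ce4f14e5da24911098e205db2180b12c10c534cbf0d7ddd2c30581c5cc8|Signature=Sanlis Ltd|SignatureStatus=Valid",
    r"Image=C:\Users\bob\AppData\Local\Temp\9F3E11A0.tmp\othersetup.exe|Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000|Signature=|SignatureStatus=Unsigned",
    r"Image=C:\Program Files\Vendor\app.exe|Hashes=SHA256=1111111111111111111111111111111111111111111111111111111111111111|Signature=Vendor Inc|SignatureStatus=Valid",
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_LOG):
        print(image, "->", "; ".join(reasons))
```

Hash and signer matches survive renaming and relocation of the file, while the path match catches the installer's behaviour but will also fire on other self-extracting installers; in practice the path hit on its own is better used to raise a low-confidence event for enrichment than to alert.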

Digital Signature
Signed by:
Sanlis Ltd
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
12/30/2007 7:00:00 PM

Valid to:
12/30/2008 6:59:59 PM

Subject:
CN=Sanlis Ltd, OU=Secure Application Development, O=Sanlis Ltd, L=Paphos, S=Paphos, C=CY

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5E12D8DAE2855F25FCF43411CDEDA060

File PE Metadata
Compilation timestamp:
6/19/2007 10:53:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:duuF52um0Urx1hRGlmUdb0HSMfnYM0s8xPdqy/Tl5pbC:d52B0UNRGlmXfpT8iuC

Entry address:
0x1ADD4

Entry point:
55, 8B, EC, 6A, FF, 68, 38, E6, 43, 00, 68, 28, EA, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 40, E1, 43, 00, 33, D2, 8A, D4, 89, 15, E0, 8D, 45, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 8D, 45, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 8D, 45, 00, C1, E8, 10, A3, D4, 8D, 45, 00, 33, F6, 56, E8, 8F, 3B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 5A, 38, 00, 00, FF, 15, 3C, E1, 43, 00, A3, 74, BD, 45, 00, E8...

Entropy:
7.9688

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
244 KB (249,856 bytes)
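The hashes, entropy and PE header values above can all be reproduced from the raw file with the standard library alone, which is the check a practitioner runs on a sample before trusting a third-party report. The script below is an added example, not part of this report and not code from Sanlis Ltd or Reason Core Security. It computes MD5/SHA-1/SHA-256, Shannon entropy, the compile timestamp, linker and OS versions, entry address, subsystem and code size, reads the first entry-point bytes through the section table, and compares the SHA-256 with the report's indicator. Because the real installer is not available offline, `build_sample_pe()` constructs a synthetic PE32 image carrying the report's header values and entry-point stub (the section layout, filler bytes and the resulting hashes are made up); run it on a real file by replacing that call with the file's bytes.

```python
"""Offline PE triage: hashes, entropy, header fields and entry-point stub.

Added example, not from the original report. parse_pe() reads the COFF and
PE32 optional-header fields the report lists; build_sample_pe() constructs a
synthetic image (not the real installer) so the script runs offline.
"""
import hashlib
import math
import random
import struct
from datetime import datetime, timezone

# Indicators copied from the report.
KNOWN_HASHES = {
    "md5": "c97de51788c1f587a78d23b941395ae0",
    "sha1": "03bb96b7dc0165ccf9499baf782c85e780775a1c",
    "sha256": "f2b18ce4f14e5da24911098e205db2180b12c10c534cbf0d7ddd2c30581c5cc8",
}
# First bytes of the report's entry point: push ebp / mov ebp,esp / push -1 /
# push handler / push scopetable / mov eax,fs:[0] ..., the Visual C++ 6 CRT prolog.
ENTRY_STUB = bytes.fromhex("558BEC6AFF6838E643006828EA410064A100000000506489250000000083EC58535657")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform. A whole-file value
    near 8, like the report's 7.9688, means most of the file is compressed or
    encrypted, as expected of a self-extracting archive."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the header fields the report lists and map the entry RVA to a file
    offset through the section table (40-byte headers after the optional header)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    major_ln, minor_ln, size_of_code, _, _, entry_rva = struct.unpack_from("<BBIIII", data, opt + 2)
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    entry_off = None
    for i in range(nsections):
        sec = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - vaddr)
            break
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{major_ln}.{minor_ln}",
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
        "entry_bytes": data[entry_off:entry_off + 16] if entry_off is not None else b"",
    }


def looks_like_msvc6_crt(entry_bytes: bytes) -> bool:
    """Heuristic only: VC6-era CRT entry points open with push ebp; mov ebp,esp; push -1; push imm32."""
    return entry_bytes[:6] == bytes.fromhex("558BEC6AFF68")


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    info["hashes"] = file_hashes(data)
    info["matches_report"] = info["hashes"]["sha256"] == KNOWN_HASHES["sha256"]
    info["entropy"] = round(shannon_entropy(data), 4)
    info["msvc6_prolog"] = looks_like_msvc6_crt(info["entry_bytes"])
    return info


def build_sample_pe() -> bytes:
    """Constructed PE32 image carrying the report's header values; one .text
    section of seeded random filler with ENTRY_STUB placed at the entry RVA."""
    rng = random.Random(7)
    text = bytearray(rng.getrandbits(8) for _ in range(0x1000))
    text_va, text_raw, entry_rva = 0x1A000, 0x200, 0x1ADD4
    text[entry_rva - text_va:entry_rva - text_va + len(ENTRY_STUB)] = ENTRY_STUB
    ts = int(datetime(2007, 6, 19, 10, 53, 2, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x102)    # i386, 1 section, PE32 opt size
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 249856, 0, 0, entry_rva)  # linker 6.0, code size, entry
    struct.pack_into("<HH", opt, 40, 4, 0)   # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)       # Windows GUI subsystem
    sec = b".text".ljust(8, b"\0") + struct.pack("<IIII", len(text), text_va, len(text), text_raw) + b"\0" * 16
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sec
    return hdr.ljust(text_raw, b"\0") + bytes(text)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
```

On the synthetic image the header fields come back exactly as the report lists them while `matches_report` is False, which is the point of keeping the hash check separate from the header parse: header values are trivially forged, the SHA-256 is what ties a sample to this report.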

The file poolsharksinstaller.exe has been seen being distributed by 2 URLs, of which the following is listed.

http://files.downloadnow.com/s/software/10/80/77/.../PoolSharksInstaller.exe

Remove poolsharksinstaller.exe - Powered by Reason Core Security