popservice.exe

PopService

Installmatic, LLC

This file is part of the Installmatic installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application popservice.exe by Installmatic has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. It runs as a Windows service in its own process, named “PopDeals Service Watcher”.
Publisher:
Installmatic, LLC  (signed and verified)

Product:
PopService

Version:
1.0.3.1

MD5:
b734b3dee85420a73e6aee81884f5fbb

SHA-1:
93b8149c4c357d7de9bfb5fe6af4fa3e3959883f

SHA-256:
97b9ca7f161721a06b9bd64066a98a9bc9c5ab9d704debfe58b15320acbd9eea

Scanner detections:
27 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/17/2024 4:56:52 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.POV | 393
Avira AntiVirus | ADWARE/PopDeals.84032.1 | 8.3.2.2
avast! | MSIL:Adware-O [Adw] | 2014.9-160107
AVG | Installmatic | 2017.0.2871
Baidu Antivirus | Adware.MSIL.Popdeals | 4.0.3.1617
Bitdefender | Adware.Agent.POV | 1.0.20.35
Bkav FE | W32.HfsAdware | 1.3.0.6979
Comodo Security | ApplicUnwnt | 23579
Dr.Web | Adware.Shopper.930 | 9.0.1.07
Emsisoft Anti-Malware | Adware.Agent.POV | 8.16.01.07.03
ESET NOD32 | MSIL/Adware.Popdeals (variant) | 10.12558
Fortinet FortiGate | Adware/Popdeals | 1/7/2016
F-Secure | Adware.Agent.POV | 11.2016-07-01_5
G Data | Adware.Agent.POV | 16.1.25
IKARUS anti.virus | AdWare.MSIL.Popdeals | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.212.17839
Malwarebytes | PUP.Optional.PopDeals | v2016.01.07.03
McAfee | Artemis!4C5D4C21FE13 | 5600.6527
MicroWorld eScan | Adware.Agent.POV | 17.0.0.21
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Installmatic (M) | 16.1.7.15
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16105
Sophos | Virus 'Mal/MSIL-LL' | 5.14
SUPERAntiSpyware | PUP.PopDeals/Variant | 9400
Trend Micro House Call | Suspicious_GEN.F47V0608 | 7.2.7
VIPRE Antivirus | MSIL.Adware.Popdeals | 45186
ViRobot | Adware.Popdeals.84032[h] | 2014.3.20.0

File size:
82.1 KB (84,032 bytes)

Product version:
1.0.3.1

Copyright:
Copyright © 2015

Original file name:
popservice4.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\Program Files\popservice\popservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2015 9:00:00 PM

Valid to:
7/22/2016 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D13291AEE51B2226F83396FCD33C1F1

File PE Metadata
Compilation timestamp:
9/30/2015 1:21:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:QZYwZj6n4rZsM/99/tZyVdqkcqBDBlUmLgkVe81zh2lUtUriB:QZRZjNeM/nyVAkcqBDBlUmLgkVe8hcY

Entry address:
0x142DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
73 KB (74,752 bytes)

Service
Display name:
PopDeals Service Watcher

Service name:
PopService

Description:
Watchdog service for PopDeals

Type:
Win32OwnProcess

